8 matches found
CVE-2025-8488 Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...
CVE-2021-24271
The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
CVE-2024-37455
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31...
CVE-2023-50890
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20...
CVE-2021-24271
CVE-2021-24271 affects the WordPress plugin Ultimate Addons for Elementor (before 1.30.0). The vulnerability is a stored XSS in several widgets, exploitable by lower-privileged users (e.g., contributors) via a similar method. Connected sources confirm the affected version and context; the advisor...
CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
CVE-2020-13125
The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (
PT-2020-13342
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Elementor plugin versions prior to 1.24.2. Description: An issue in the Ultimate Addons for Elementor plugin allows unauthenticated attackers to create users with the Subscriber role, even when registration is disabled. This...