Lucene search
K

8 matches found

Cvelist
Cvelist
added 2025/08/02 9:23 a.m.11 views

CVE-2025-8488 Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...

4.3CVSS0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.7 views

CVE-2021-24271

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS5.7AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:36 a.m.8 views

CVE-2024-37455

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31...

8.8CVSS7AI score0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/05/17 9:15 a.m.16 views

CVE-2023-50890

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20...

8.8CVSS8.8AI score0.00547EPSS
Exploits0References1
CVE
CVE
added 2021/05/05 6:28 p.m.89 views

CVE-2021-24271

CVE-2021-24271 affects the WordPress plugin Ultimate Addons for Elementor (before 1.30.0). The vulnerability is a stored XSS in several widgets, exploitable by lower-privileged users (e.g., contributors) via a similar method. Connected sources confirm the affected version and context; the advisor...

5.4CVSS5.2AI score0.0059EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/05/17 1:15 a.m.2 views

CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...

6.5CVSS6.9AI score0.02307EPSS
Exploits0References2
CVE
CVE
added 2020/05/17 12:39 a.m.164 views

CVE-2020-13125

The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (

7.2CVSS7.7AI score0.02307EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/17 12:0 a.m.4 views

PT-2020-13342

Name of the Vulnerable Software and Affected Versions Ultimate Addons for Elementor plugin versions prior to 1.24.2 Description An issue in the Ultimate Addons for Elementor plugin allows unauthenticated attackers to create users with the Subscriber role, even when registration is disabled. This...

7.2CVSS6.8AI score0.02307EPSS
Exploits0References8
Rows per page
Query Builder