CVE-2026-49052
CVE-2026-49052 affects the WordPress ElementsKit Elementor addons Lite plugin up to version 3.9.6. The issue is described as a Missing Authorization/Broken Access Control vulnerability, caused by incorrectly configured access control security levels that potentially allow unauthorized actions wit...
CVE-2026-49052 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2024-2803
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-30705 · WordPress · Elementskit Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor Addons and Templates versions prior to 3.5.3 Description: The ElementsKit Elementor Addons and Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting via the URL attribute of a custom widget due to...
CVE-2024-1238
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribut...
CVE-2024-2042
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-11180
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11180 ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11180
CVE-2024-11180 affects ElementsKit Elementor Addons and Templates (Elementor) with a Stored Cross-Site Scripting vulnerability in the ekit_countdown_timer_title parameter, exploitable on all versions up to 3.4.7 due to insufficient input sanitization/output escaping. Attackers with Contributor+ p...
CVE-2025-0968
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content function. This makes it possible for unauthenticated attackers to view any item created in...
CVE-2025-0968 ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content function. This makes it possible for unauthenticated attackers to view any item created in...
CVE-2025-1005
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1005 ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress ElementsKit Elementor addons plugin <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.2.9...
WordPress ElementsKit Elementor addons plugin <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function vulnerability
Unauthenticated Information Exposure via ekit_widgetarea_content Function vulnerability discovered by stealthcopter in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.2.0...
WordPress plugin ElementsKit Elementor addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-2803
CVE-2024-2803 corresponds to ElementsKit Elementor addons and Templates Library in WordPress, where Stored XSS via the countdown widget exists in all versions up to 3.0.6 due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with contributor-...
ElementsKit Elementor addons < 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Description The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
ElementsKit Elementor addons < 3.0.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
CVE-2024-1239
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...