28 matches found
WordPress Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Fernando Mecozzi in WordPress Plugin Premium Addons for Elementor versions = 4.11.70...
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Messenger Chat Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
CVE-2025-69300
The CVE CVE-2025-69300 concerns Leap13 Premium Addons for Elementor (plugin: premium-addons-for-elementor) with affected versions from n/a up to and including 4.11.63. The issue is a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling unau...
CVE-2024-2666
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Premium Addons for Elementor plugin <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'gettemplatecontent' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Premium Addons for Elementor versions = 4.11.53...
CVE-2025-4774
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Premium Addons for Elementor versions = 4.10.56...
WordPress Premium Addons for Elementor Plugin <= 4.10.60 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.60 Fixed in 4.10.61 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10266 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 13c728eb67aa Credits zer0gh0st...
CVE-2024-37922 WordPress Premium Addons for Elementor plugin <= 4.10.34 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34...
WordPress Premium Addons for Elementor plugin <= 4.10.34 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Premium Addons for Elementor versions = 4.10.34...
WordPress Premium Addons for Elementor Plugin <= 4.10.34 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.34 Fixed in 4.10.35 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37922 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 8d2ddf127555 Credits wcraft Required privilege...
WordPress Premium Addons for Elementor plugin <= 4.10.35 - Regular Expressions Denial of Service vulnerability
Regular Expressions Denial of Service vulnerability discovered by Muhammad Umer Adeem Yldrm in WordPress Plugin Premium Addons for Elementor versions = 4.10.35...
WordPress Premium Addons for Elementor plugin <= 4.10.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.35...
WordPress Premium Addons for Elementor Plugin <= 4.10.35 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.35 Fixed in 4.10.36 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6340 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID f50506540d4a Credits Webbernaut...
WordPress Premium Addons for Elementor Plugin <= 4.10.31 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.31 Fixed in 4.10.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4378 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID a518161b61c6 Credits stealthcopter...
WordPress Premium Addons for Elementor Plugin <= 4.10.30 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.30 Fixed in 4.10.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4203 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID cf4e9df4cfae Credits Ngô Thiên An...
WordPress Premium Addons for Elementor plugin <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Premium Addons for Elementor versions = 4.10.28...
WordPress Premium Addons for Elementor Plugin <= 4.10.28 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.28 Fixed in 4.10.29 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3885 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID efd244d42ee8 Credits Ngô Thiên An...
WordPress Premium Addons for Elementor Plugin <= 4.10.25 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.25 Fixed in 4.10.26 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32791 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 5e608ef68f6a Credits Ray Wilson Required privileg...
WordPress Premium Addons for Elementor Plugin <= 4.10.27 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.27 Fixed in 4.10.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2665 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID cacdff610a83 Credits Dau Hoang Tai...