10 matches found
CVE-2025-24729
CVE-2025-24729 concerns the WordPress plugin ElementInvader Addons for Elementor, with Stored XSS in ElementInvader Addons for Elementor <= 1.3.3. The vulnerability stems from improper input neutralization during web page generation, allowing stored cross-site scripting. Public documents confi...
CVE-2025-24618
CVE-2025-24618 is a Missing Authorization vulnerability affecting the WordPress plugin ElementInvader Addons for Elementor (versions up to 1.3.1). The connected sources describe a broken access control vulnerability allowing exploitation of improperly configured authorization, with no public expl...
CVE-2024-2308
CVE-2024-2308 affects the ElementInvader Addons for Elementor WordPress plugin. The vulnerability is a Stored XSS via the EliSlider button link in all versions up to 1.2.2, caused by insufficient input sanitization and output escaping. Affected: ElementInvader Addons for Elementor (WordPress plug...
CVE-2024-38705
CVE-2024-38705 affects ElementInvader Addons for Elementor (WordPress). The vulnerability is a Stored XSS caused by improper neutralization of input during web page generation, affecting ElementInvader Addons for Elementor versions up to and including 1.2.4. Mitigation: upgrade to a version later...
CVE-2024-12059
CVE-2024-12059 : ElementInvader Addons for Elementor (WordPress) is vulnerable to Sensitive Information Exposure in all versions up to 1.3.1 via the eli_option_value shortcode. An authenticated attacker with Contributor-level access (or higher) can read arbitrary options from the wp_options table...
CVE-2025-24578
CVE-2025-24578 affects ElementInvader Addons for Elementor (WordPress plugin). The vulnerability is a DOM-based XSS caused by improper input neutralization during web page generation, impacting ElementInvader Addons for Elementor versions from n/a through 1.3.0. The Red Hat/ENISA and Patchstack e...
CVE-2025-22786
CVE-2025-22786 corresponds to a Path Traversal vulnerability in ElementInvader Addons for Elementor. The issue enables PHP Local File Inclusion via authenticated access (Contributor+ level) in ElementInvader Addons for Elementor
CVE-2024-9888
The CVE-2024-9888 entry concerns the WordPress plugin ElementInvader Addons for Elementor. A Stored Cross-Site Scripting (XSS) vulnerability exists in the plugin’s contact form widget redirect URL due to insufficient input sanitization and output escaping on user-supplied attributes. Affected ver...
CVE-2024-9889
CVE-2024-9889 affects ElementInvader Addons for Elementor (WordPress). The vulnerability allows authenticated attackers with contributor-level access and above to perform Sensitive Information Exposure via the Page Loader widget, enabling viewing of private/draft/password-protected posts, pages, ...
CVE-2024-47630
ElementInvader Addons for Elementor (WordPress plugin) contains CVE-2024-47630: Stored XSS due to improper input neutralization during web page generation. Affected versions are