Elementinvader Addons For Elementor Security Vulnerabilities and Issues — Elementinvader Addons For Elementor CVE List

Lucene search

ElementinvaderElementinvader Addons For Elementor

10 matches found

CVE•added 2024/03/16 2:15 a.m.•47 views

CVE-2024-2308

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ...

6.4CVSS7.7AI score0.0008EPSS

CVE•added 2024/07/20 8:15 a.m.•46 views

CVE-2024-38705

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4.

6.5CVSS6.5AI score0.00064EPSS

CVE•added 2025/01/24 6:15 p.m.•45 views

CVE-2025-24729

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.

6.5CVSS6.5AI score0.00034EPSS

CVE•added 2025/01/24 6:15 p.m.•43 views

CVE-2025-24618

Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.

8.8CVSS4.7AI score0.00056EPSS

CVE•added 2025/01/15 4:15 p.m.•42 views

CVE-2025-22786

Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6.

8.8CVSS7.7AI score0.00057EPSS

CVE•added 2024/12/12 6:15 a.m.•40 views

CVE-2024-12059

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitr...

4.3CVSS6.8AI score0.00058EPSS

CVE•added 2025/01/24 6:15 p.m.•38 views

CVE-2025-24578

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0.

6.5CVSS6.6AI score0.00034EPSS

CVE•added 2024/10/16 6:15 a.m.•37 views

CVE-2024-9888

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

5.4CVSS5.3AI score0.00044EPSS

CVE•added 2024/10/19 7:15 a.m.•36 views

CVE-2024-9889

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/pas...

4.3CVSS4.7AI score0.00095EPSS

CVE•added 2024/10/05 2:15 p.m.•35 views

CVE-2024-47630

6.5CVSS6.8AI score0.00055EPSS