25 matches found
CVE-2024-2792
CVE-2024-2792 affects the Elementor Addon Elements plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via widgets in all versions up to 1.13.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticati...
CVE-2023-5381
CVE-2023-5381 – Elementor Addon Elements for WordPress is vulnerable to Stored XSS via admin settings in versions up to and including 1.12.7 due to insufficient input sanitization and output escaping. An attacker with administrator privileges can inject scripts that execute when users load inject...
CVE-2024-3743
CVE-2024-3743 affects the Elementor Addon Elements plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets caused by insufficient input sanitization and output escaping. It affects...
CVE-2024-30422
CVE-2024-30422 affects WPVibes Elementor Addon Elements (WordPress plugin) up to version 1.13.1. It is a Stored XSS caused by improper neutralization of input during web page generation. The vulnerability can impact confidentiality and integrity (as per CVSS metrics: C/L, I/L with UI/R; attack ve...
CVE-2024-47361
CVE-2024-47361 – Elementor Addon Elements (WPVibes)
CVE-2023-4723
CVE-2023-4723 — Elementor Addon Elements for WordPress is a vulnerability in the WordPress plugin Elementor Addon Elements, affecting versions up to and including 1.12.7. The issue stems from the ajax_eae_post_data function, which allows unauthenticated attackers to expose sensitive information s...
CVE-2024-1358
CVE-2024-1358 affects the Elementor Addon Elements WordPress plugin (versions ≤ 1.12.12). The vulnerability is a directory traversal flaw in the render function that allows authenticated attackers with contributor access or higher to include contents of arbitrary PHP files on the server, exposing...
CVE-2023-4690
CVE-2023-4690 affects the Elementor Addon Elements plugin for WordPress (versions
CVE-2024-29107
CVE-2024-29107 is a stored XSS in WPVibes Elementor Addon Elements (Elementor Addon Elements) that affects versions up to 1.12.10. The issue stems from improper input handling during web-page generation, enabling stored cross-site scripting. Red Hat and Wordfence entries corroborate the vulnerabi...
CVE-2024-2091
The CVE refers to WordPress plugin Elementor Addon Elements (Addon Elements for Elementor Page Builder). Affected versions: all up to 1.13.1 (and related advisory notes cite <= 1.13.2 as affected by an authenticated Stored Cross-Site Scripting vulnerability). Root cause: insufficient input san...
CVE-2023-4689
CVE-2023-4689 affects the Elementor Addon Elements plugin for WordPress (
CVE-2021-24259
CVE-2021-24259 affects the WordPress plugin Elementor Addon Elements, prior to version 1.11.2. Several widgets allow stored XSS by low-privilege users (e.g., contributors) via crafted input in widget fields (notably Flip Box, Price Table, Timeline), due to insufficient input sanitization. Impact ...
CVE-2024-2092
CVE-2024-2092 affects Elementor Addon Elements for WordPress. A stored XSS via the Twitter Widget exists in all versions up to 1.13.3 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires an authenticated attacker with contributor-level permissions, ...
CVE-2024-4401
The CVE CVE-2024-4401 affects the WordPress plugin Elementor Addon Elements (WordPress plugin) and describes a Stored Cross-Site Scripting vulnerability via the id and eae_slider_animation parameters in versions up to 1.13.5. The vulnerability requires authenticated access at Contributor level or...
CVE-2024-4570
CVE-2024-4570 : Elementor Addon Elements for WordPress has a Stored Cross-Site Scripting vulnerability in the URL parameter for versions up to and including 1.13.5 due to insufficient input sanitization and output escaping. Exploitation requires at least Contributor+ rights and can cause arbitrar...
CVE-2024-1391
The CVE-2024-1391 entry concerns the Elementor Addon Elements plugin for WordPress. Affected component: Thumbnail Slider widget, via the eae_custom_overlay_switcher attribute. Root cause: insufficient input sanitization and output escaping leads to Stored Cross-Site Scripting when exploited by an...
CVE-2024-7122
CVE-2024-7122 : The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 1.13.6 due to insufficient input sanitization and output escaping on user attributes. authenticated attackers with Contributor+ privileges can inject scripts execut...
CVE-2024-4569
CVE-2024-4569 affects Elementor Addon Elements for WordPress (≤1.13.5). It is a Stored XSS via the url parameter due to insufficient input sanitization and output escaping. Exploitation requires at least contributor+ privileges (authenticated). Wordfence lists this CVE as patched for the plugin, ...
CVE-2024-47366
CVE-2024-47366 is a stored XSS vulnerability in the WordPress plugin “WPVibes Elementor Addon Elements” affecting versions up to 1.13.6. The issue arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Public references (Wordfence WordPress vul...
CVE-2024-13215
The CVE-2024-13215 entry concerns the Elementor Addon Elements for WordPress. It describes a Sensitive Information Exposure in the render function of modules/modal-popup/widgets/modal-popup.php, enabling authenticated attackers with Contributor-level access or higher to extract private, pending, ...
CVE-2024-1392
CVE-2024-1392 affects the WordPress plugin Elementor Addon Elements (versions
CVE-2024-8902
CVE-2024-8902 affects the WordPress plugin Elementor Addon Elements (WPVibes). The vulnerability is an authenticated information disclosure via the function render_column in modules/data-table/widgets/data-table.php, allowing attackers with Contributor-level access and above to extract sensitive ...
CVE-2024-0834
CVE-2024-0834 affects the WordPress plugin Elementor Addon Elements (versions
CVE-2024-1393
Elementor Addon Elements for WordPress has Stored XSS via the Content Switcher widget (icon_align) in all versions up to 1.12.12. Root cause: insufficient input sanitization and output escaping. Affected: plugin versions
CVE-2024-1422
The CVE-2024-1422 entry concerns the WordPress plugin Elementor Addon Elements. A stored XSS vulnerability exists in the modal popup widget’s effect setting across all versions up to 1.12.12 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requi...