Lucene search
K
WebtechstreetElementor Addon Elements

25 matches found

CVE
CVE
added 2024/04/09 6:59 p.m.74 views

CVE-2024-2792

CVE-2024-2792 affects the Elementor Addon Elements plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via widgets in all versions up to 1.13.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticati...

6.4CVSS6.1AI score0.00497EPSS
CVE
CVE
added 2023/11/15 10:32 p.m.71 views

CVE-2023-5381

CVE-2023-5381 – Elementor Addon Elements for WordPress is vulnerable to Stored XSS via admin settings in versions up to and including 1.12.7 due to insufficient input sanitization and output escaping. An attacker with administrator privileges can inject scripts that execute when users load inject...

4.8CVSS4.9AI score0.00496EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.69 views

CVE-2024-3743

CVE-2024-3743 affects the Elementor Addon Elements plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets caused by insufficient input sanitization and output escaping. It affects...

6.4CVSS5.8AI score0.00572EPSS
CVE
CVE
added 2024/03/28 9:3 a.m.67 views

CVE-2024-30422

CVE-2024-30422 affects WPVibes Elementor Addon Elements (WordPress plugin) up to version 1.13.1. It is a Stored XSS caused by improper neutralization of input during web page generation. The vulnerability can impact confidentiality and integrity (as per CVSS metrics: C/L, I/L with UI/R; attack ve...

6.5CVSS7.2AI score0.0034EPSS
CVE
CVE
added 2024/11/01 2:17 p.m.67 views

CVE-2024-47361

CVE-2024-47361 – Elementor Addon Elements (WPVibes)

8.8CVSS5.9AI score0.00433EPSS
CVE
CVE
added 2023/11/15 10:32 p.m.66 views

CVE-2023-4723

CVE-2023-4723 — Elementor Addon Elements for WordPress is a vulnerability in the WordPress plugin Elementor Addon Elements, affecting versions up to and including 1.12.7. The issue stems from the ajax_eae_post_data function, which allows unauthenticated attackers to expose sensitive information s...

5.3CVSS5.6AI score0.00927EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.66 views

CVE-2024-1358

CVE-2024-1358 affects the Elementor Addon Elements WordPress plugin (versions ≤ 1.12.12). The vulnerability is a directory traversal flaw in the render function that allows authenticated attackers with contributor access or higher to include contents of arbitrary PHP files on the server, exposing...

8.8CVSS8.4AI score0.01235EPSS
CVE
CVE
added 2023/11/15 10:32 p.m.61 views

CVE-2023-4690

CVE-2023-4690 affects the Elementor Addon Elements plugin for WordPress (versions

5.4CVSS4.5AI score0.00298EPSS
CVE
CVE
added 2024/03/19 3:35 p.m.61 views

CVE-2024-29107

CVE-2024-29107 is a stored XSS in WPVibes Elementor Addon Elements (Elementor Addon Elements) that affects versions up to 1.12.10. The issue stems from improper input handling during web-page generation, enabling stored cross-site scripting. Red Hat and Wordfence entries corroborate the vulnerabi...

6.5CVSS8.6AI score0.00317EPSS
CVE
CVE
added 2024/03/28 2:37 a.m.60 views

CVE-2024-2091

The CVE refers to WordPress plugin Elementor Addon Elements (Addon Elements for Elementor Page Builder). Affected versions: all up to 1.13.1 (and related advisory notes cite <= 1.13.2 as affected by an authenticated Stored Cross-Site Scripting vulnerability). Root cause: insufficient input san...

5.4CVSS7.4AI score0.00516EPSS
CVE
CVE
added 2023/11/15 10:32 p.m.59 views

CVE-2023-4689

CVE-2023-4689 affects the Elementor Addon Elements plugin for WordPress (

5.4CVSS4.5AI score0.00298EPSS
CVE
CVE
added 2021/05/05 6:28 p.m.58 views

CVE-2021-24259

CVE-2021-24259 affects the WordPress plugin Elementor Addon Elements, prior to version 1.11.2. Several widgets allow stored XSS by low-privilege users (e.g., contributors) via crafted input in widget fields (notably Flip Box, Price Table, Timeline), due to insufficient input sanitization. Impact ...

5.4CVSS5.2AI score0.0059EPSS
CVE
CVE
added 2024/06/12 9:33 a.m.58 views

CVE-2024-2092

CVE-2024-2092 affects Elementor Addon Elements for WordPress. A stored XSS via the Twitter Widget exists in all versions up to 1.13.3 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires an authenticated attacker with contributor-level permissions, ...

5.4CVSS5.3AI score0.00322EPSS
CVE
CVE
added 2024/08/30 3:24 a.m.56 views

CVE-2024-4401

The CVE CVE-2024-4401 affects the WordPress plugin Elementor Addon Elements (WordPress plugin) and describes a Stored Cross-Site Scripting vulnerability via the id and eae_slider_animation parameters in versions up to 1.13.5. The vulnerability requires authenticated access at Contributor level or...

6.4CVSS5.5AI score0.0031EPSS
CVE
CVE
added 2024/06/27 4:4 a.m.56 views

CVE-2024-4570

CVE-2024-4570 : Elementor Addon Elements for WordPress has a Stored Cross-Site Scripting vulnerability in the URL parameter for versions up to and including 1.13.5 due to insufficient input sanitization and output escaping. Exploitation requires at least Contributor+ rights and can cause arbitrar...

6.4CVSS5.5AI score0.00322EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.55 views

CVE-2024-1391

The CVE-2024-1391 entry concerns the Elementor Addon Elements plugin for WordPress. Affected component: Thumbnail Slider widget, via the eae_custom_overlay_switcher attribute. Root cause: insufficient input sanitization and output escaping leads to Stored Cross-Site Scripting when exploited by an...

6.4CVSS6.1AI score0.00501EPSS
CVE
CVE
added 2024/08/30 9:29 a.m.55 views

CVE-2024-7122

CVE-2024-7122 : The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 1.13.6 due to insufficient input sanitization and output escaping on user attributes. authenticated attackers with Contributor+ privileges can inject scripts execut...

6.4CVSS5.5AI score0.00381EPSS
CVE
CVE
added 2024/06/27 4:4 a.m.54 views

CVE-2024-4569

CVE-2024-4569 affects Elementor Addon Elements for WordPress (≤1.13.5). It is a Stored XSS via the url parameter due to insufficient input sanitization and output escaping. Exploitation requires at least contributor+ privileges (authenticated). Wordfence lists this CVE as patched for the plugin, ...

6.4CVSS5.5AI score0.00361EPSS
CVE
CVE
added 2024/10/06 9:45 a.m.50 views

CVE-2024-47366

CVE-2024-47366 is a stored XSS vulnerability in the WordPress plugin “WPVibes Elementor Addon Elements” affecting versions up to 1.13.6. The issue arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Public references (Wordfence WordPress vul...

6.5CVSS5.9AI score0.00241EPSS
CVE
CVE
added 2025/01/15 12:44 p.m.49 views

CVE-2024-13215

The CVE-2024-13215 entry concerns the Elementor Addon Elements for WordPress. It describes a Sensitive Information Exposure in the render function of modules/modal-popup/widgets/modal-popup.php, enabling authenticated attackers with Contributor-level access or higher to extract private, pending, ...

4.3CVSS4.4AI score0.00503EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.49 views

CVE-2024-1392

CVE-2024-1392 affects the WordPress plugin Elementor Addon Elements (versions

6.4CVSS5.8AI score0.00509EPSS
CVE
CVE
added 2024/10/12 9:39 a.m.49 views

CVE-2024-8902

CVE-2024-8902 affects the WordPress plugin Elementor Addon Elements (WPVibes). The vulnerability is an authenticated information disclosure via the function render_column in modules/data-table/widgets/data-table.php, allowing attackers with Contributor-level access and above to extract sensitive ...

4.3CVSS4.7AI score0.00368EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.47 views

CVE-2024-0834

CVE-2024-0834 affects the WordPress plugin Elementor Addon Elements (versions

6.4CVSS5.6AI score0.00531EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.45 views

CVE-2024-1393

Elementor Addon Elements for WordPress has Stored XSS via the Content Switcher widget (icon_align) in all versions up to 1.12.12. Root cause: insufficient input sanitization and output escaping. Affected: plugin versions

6.4CVSS6.1AI score0.00501EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.39 views

CVE-2024-1422

The CVE-2024-1422 entry concerns the WordPress plugin Elementor Addon Elements. A stored XSS vulnerability exists in the modal popup widget’s effect setting across all versions up to 1.12.12 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requi...

6.4CVSS5.8AI score0.005EPSS