55 matches found
CVE-2023-3779
The CVE-2023-3779 entry affects the WordPress plugin “Essential Addons for Elementor” (WPDeveloper), indicating that versions up to and including 5.8.1 disclose MailChimp API keys via source code added to pages using the MailChimp block. Root cause: unauthenticated disclosure of API...
CVE-2023-32243
CVE-2023-32243 affects the WordPress plugin Essential Addons for Elementor Lite (versions 5.4.0–5.7.1). The root cause is improper authentication that enables unauthenticated privilege escalation by abusing the password reset flow, allowing an attacker to reset an administrator’s password and tak...
CVE-2022-0320
The CVE-2022-0320 entry documents a Local File Inclusion (LFI) vulnerability in the WordPress plugin Essential Addons for Elementor, affecting versions prior to 5.0.5. The root cause is improper validation/sanitization of template data used in include statements, enabling unauthenticated attackers ...
CVE-2024-2974
CVE-2024-2974 affects the WordPress plugin “Essential Addons for Elementor” (Lite) up to version 5.9.13, exposing sensitive information via the load_more function. Unauthenticated attackers may extract private and draft posts. Red Hat and NVD entries corroborate the same impact and version range....
CVE-2022-0683
CVE-2022-0683 affects the WordPress plugin Essential Addons for Elementor Lite. The vulnerability is a Cross-Site Scripting (XSS) due to insufficient escaping and sanitization of the settings parameter found in includes/Traits/Helper.php, exploitable when a user clicks a crafted link. A...
CVE-2024-9993
CVE-2024-9993 affects the Essential Addons for Elementor plugin (Event Calendar Widget). A stored XSS exists in the eael_event_details_text attribute, exploitable by authenticated users with Contributor+ rights (attackers can inject scripts that execute when others view injected pages). Affected ...
CVE-2025-24752
CVE-2025-24752 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin “Essential Addons for Elementor” (versions up to 6.0.14). Root cause: improper input neutralization during web page generation allowing reflection of injected payloads via parameters such as popup-selector. A...
CVE-2024-9994
CVE-2024-9994 affects the WordPress plugin Essential Addons for Elementor – Pricing Table Widget. Vulnerable component: eael_pricing_item_tooltip_content; vulnerability type: Stored Cross-Site Scripting (XSS) due to insufficient input sanitization/output escaping. Affected versions: all up to 6.1...
CVE-2024-3018
CVE-2024-3018 affects the WordPress plugin Essential Addons for Elementor (Best Elementor Templates, Widgets, Kits & WooCommerce Builders). The vulnerability arises from PHP Object Injection via deserialization of untrusted input in the error_resetpassword attribute of the Login | Register Form w...
CVE-2024-3333
CVE-2024-3333 affects Essential Addons for Elementor (WordPress). It is a Stored XSS via widget URL attributes in versions up to 5.9.14, exploitable by authenticated attackers with contributor-level access or higher; scripts run when users visit injected pages. CVSS v3.1 base score 6.4 (AV:N/AC:L...
CVE-2024-4624
CVE-2024-4624 affects the WordPress plugin Essential Addons for Elementor (Lite) up to version 5.9.20. Stored XSS via the eael_ext_toc_title_tag parameter arises from insufficient input sanitization and output escaping, enabling authenticated attackers with contributor+ permissions to inject scripts ...
CVE-2024-5073
CVE-2024-5073 affects the WordPress plugin Essential Addons for Elementor (Lite) up to version 5.9.21, with Stored Cross-Site Scripting via the Twitter Feed component. The issue arises from insufficient input sanitization and output escaping, enabling authenticated attackers with Contributor+ pri...
CVE-2024-3728
CVE-2024-3728: The WordPress plugin Essential Addons for Elementor Lite (all versions up to 5.9.15) is affected by a stored XSS in the Filterable Gallery and Interactive Circle widgets due to insufficient input sanitization and output escaping. An authenticated attacker with contributor+ privile...
CVE-2024-4003
CVE-2024-4003 affects the WordPress plugin Essential Addons for Elementor – stored XSS via eael_team_members_image_rounded in the Team Members widget; all versions up to 5.9.15 are affected. Exploitation requires an authenticated user with contributor+ rights; scripts can execute when a user visi...
CVE-2024-8961
The vulnerability CVE-2024-8961 affects the WordPress plugin Essential Addons for Elementor (Lite) up to version 6.0.7. It is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in the nomore_items_text parameter, exploitable by authenticated att...
CVE-2024-56063
CVE-2024-56063 affects Essential Addons for Elementor (WPDeveloper) up to version 6.0.7. It is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Exploitation is described as requiring Authentication (Contributor+) to trigger the ...
CVE-2024-39649
CVE-2024-39649 is a stored XSS in WPDeveloper Essential Addons for Elementor (Lite) up to version 5.9.26. Affected component: Essential Addons for Elementor plugin. Root cause: improper neutralization of input during web page generation. Impact per sources: potential stored XSS in affected pages;...
CVE-2024-4156
CVE-2024-4156 affects the Essential Addons for Elementor plugin for WordPress (lite) and enables Stored XSS via the eael_event_text_color parameter due to insufficient input sanitization/output escaping. Affected versions are up to 5.9.17; exploitation requires contributor-level permissions and a...
CVE-2024-5189
CVE-2024-5189: The WordPress plugin “Essential Addons for Elementor” (Lite) is affected up to version 5.9.23 by a Stored Cross-Site Scripting (XSS) flaw in the custom_js parameter due to insufficient input sanitization and output escaping. The vulnerability permits authenticated attackers with C...
CVE-2024-4275
CVE-2024-4275 affects the WordPress plugin Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders. The Stored XSS vulnerability is in the Interactive Circle widget due to insufficient input sanitization and output escaping on user-supplied attributes, allo...
CVE-2024-4448
CVE-2024-4448 affects the WordPress plugin “Essential Addons for Elementor Lite” (formerly “Best Elementor Templates, Widgets, Kits & WooCommerce Builders”). The vulnerability is a stored cross-site scripting (XSS) in the plugin’s widgets Dual Color Header, Event Calendar, and Advanced Data Table...
CVE-2025-39589
CVE-2025-39589 affects WPDeveloper Essential Addons for Elementor (versions n/a through 6.1.9). Vulnerability described as exposure of sensitive system information to an unauthorized control sphere, enabling retrieval of embedded sensitive data. CVSS v3.1 base score 4.3 (Medium). Public reports i...
CVE-2024-8742
CVE-2024-8742 affects the WordPress plugin Essential Addons for Elementor (vulnerable up to and including 6.0.3). The issue is a Stored Cross-Site Scripting in the Filterable Gallery widget caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated user ...
CVE-2024-1171
The CVE-2024-1171 entry concerns the WordPress plugin Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Filterable Gallery Widget for versions up to and including 5.9.8, caused by insuff...
CVE-2024-8440
CVE-2024-8440 affects the WordPress plugin Essential Addons for Elementor – Lite. All versions up to 6.0.3 are vulnerable to authenticated (Contributor+) Stored XSS via the Fancy Text widget due to insufficient input sanitization and output escaping. The impact is injection of scripts into pages loaded by users. ...
CVE-2024-1172
CVE-2024-1172 affects the WordPress plugin Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders. A Stored Cross-Site Scripting flaw exists in the Accordion widget due to insufficient input sanitization and output escaping, enabling authenticated...
CVE-2024-2623
The CVE-2024-2623 entry concerns the WordPress plugin “Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders.” Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability in the countdown widget’s message parameter caused by insufficient i...
CVE-2024-7092
CVE-2024-7092 corresponds to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders. The root cause is insufficient input sanitization and output escaping in the no_more_items_text ...
CVE-2024-8978
CVE-2024-8978 affects the WordPress plugin Essential Addons for Elementor (
CVE-2024-1276
CVE-2024-1276 affects the WordPress plugin Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders. All versions up to and including 5.9.8 are vulnerable to a Stored XSS via the Content Ticker arrow attribute caused by insufficient input sanitization and ou...
CVE-2024-2650
The CVE-2024-2650 issue affects the WordPress plugin Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (Essential Addons for Elementor Lite). Root cause: Stored Cross-Site Scripting in the Woo Product Carousel widget due to insufficient input sanitiza...
CVE-2024-4449
CVE-2024-4449 maps to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Essential Addons for Elementor – Lite (the “Best Elementor Templates, Widgets, Kits & WooCommerce Builders”). Affected versions are all up to 5.9.19, with the issue caused by insufficient input sanitization ...
CVE-2024-1236
CVE-2024-1236 – Essential Addons for Elementor (Lite) vulnerability summary: A stored cross-site scripting flaw exists in the Filterable Controls label icon parameter, affecting all versions up to and including 5.9.8. The issue stems from insufficient input sanitization and output escaping, enabl...
CVE-2024-3733
CVE-2024-3733 affects the WordPress plugin Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders. Affected versions are up to 5.9.15. The issue enables Sensitive Information Exposure via the ajax_load_more(), eael_woo_pagination_product_ajax(), and...
CVE-2023-41955
CVE-2023-41955 is an Improper Privilege Management vulnerability in the WordPress plugin Essential Addons for Elementor (WPDeveloper). The flaw enables Privilege Escalation for authenticated users (Contributor/above) across versions up to 5.8.8. The NVD entry lists a CVSS v3.1 base score of 8.8 ...
CVE-2021-24255
CVE-2021-24255 affects the WordPress plugin Essential Addons for Elementor Lite prior to version 4.5.4. The issue is a stored XSS in two widgets (as described in public CVE sources): input fields used by lower-privileged users (e.g., contributors) are not properly sanitized, allowing injected Jav...
CVE-2024-5612
CVE-2024-5612 affects Essential Addons for Elementor Pro (WordPress). A stored XSS flaw exists in the Lightbox & Modal widget via the eael_lightbox_open_btn_icon parameter in versions up to 5.8.15. An authenticated attacker with Contributor-level access or higher can inject scripts that execute w...
CVE-2023-32245
CVE-2023-32245 affects WordPress Essential Addons for Elementor Pro (versions up to and including 5.4.8). Connected sources specify a Server-Side Request Forgery (SSRF) vulnerability that is unauthenticated. The issue is mitigated by upgrading to version 5.4.9 or later. Exploitation status is not...
CVE-2021-4446
CVE-2021-4446 affects the WordPress plugin Essential Addons for Elementor (versions up to and including 4.6.4). The vulnerability is an authorization bypass caused by missing capability checks and nonce disclosure, enabling authenticated attackers with minimal privileges (e.g., a subscriber) to p...
CVE-2021-4447
CVE-2021-4447 affects the WordPress plugin Essential Addons for Elementor (versions up to 4.6.4). The root cause is a lack of access restrictions on who can add a registration form and a custom registration role to an Elementor page, enabling attackers with Elementor access to create a registrati...
CVE-2025-39590
CVE-2025-39590 corresponds to a Stored XSS in WPDeveloper Essential Addons for Elementor (affected: versions n/a–6.1.9). The vulnerability stems from improper input neutralization during Web Page Generation, enabling stored cross-site scripting. CVSS v3.1 metrics indicate a Network attack vector,...
CVE-2024-8979
CVE-2024-8979 affects the Essential Addons for Elementor plugin for WordPress (versions
CVE-2024-3645
CVE-2024-3645 affects the WordPress plugin Essential Addons for Elementor Pro (Counter widget). The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes (e.g., title_html_tag). Impact: authenticated attackers w...
CVE-2024-0585
CVE-2024-0585 concerns the WordPress plugin Essential Addons for Elementor – Lite/Pro (Best Elementor Templates, Widgets, Kits & WooCommerce Builders). It describes a Stored Cross-Site Scripting (XSS) flaw in the plugin’s Filterable Gallery widget caused by insufficient input sanitization and out...
CVE-2024-5188
CVE-2024-5188 describes a Stored Cross‑Site Scripting flaw in the WordPress plugin Essential Addons for Elementor – Lite (Best Elementor Templates, Widgets, Kits & WooCommerce Builders). The issue is due to insufficient input sanitization and output escaping in the function get_manual_calendar_ev...
CVE-2024-5086
CVE-2024-5086 affects Essential Addons for Elementor Pro (Team Member Carousel)
CVE-2023-32241
CVE-2023-32241 affects the WordPress plugin Essential Addons for Elementor Pro (v
CVE-2023-7044
CVE-2023-7044 affects the WordPress plugin Essential Addons for Elementor (Best Elementor Templates, Widgets, Kits & WooCommerce Builders). It is a stored XSS via a custom ID in versions up to and including 5.9.2 caused by insufficient input sanitization and output escaping. Exploitation requires...
CVE-2024-1536
CVE-2024-1536 affects the Essential Addons for Elementor plugin for WordPress (up to version 5.9.9). The issue is Stored XSS via the plugin’s Event Calendar widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Attackers with contributor+ privileges can...
CVE-2024-0586
The CVE-2024-0586 entry concerns the WordPress plugin Essential Addons for Elementor (WPDeveloper) up to version 5.9.4, vulnerable to Stored Cross-Site Scripting via the Login/Register element due to insufficient input sanitization and output escaping on the custom login URL. The vulnerability pe...