Elementskit Elementor Addons Security Vulnerabilities and Issues — Elementskit Elementor Addons CVE List

Lucene search

WpmetElementskit Elementor Addons

7 matches found

CVE•added 2025/02/19 12:15 p.m.•114 views

CVE-2025-0968

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created ...

5.3CVSS5.1AI score0.00083EPSS

CVE•added 2025/02/15 10:15 a.m.•72 views

CVE-2025-1005

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for a...

6.4CVSS5.9AI score0.00037EPSS

CVE•added 2025/03/29 8:15 a.m.•59 views

CVE-2024-11180

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for a...

6.4CVSS5.9AI score0.0002EPSS

CVE•added 2024/03/16 3:15 a.m.•54 views

CVE-2023-6525

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS7.7AI score0.00149EPSS

CVE•added 2024/09/25 1:15 p.m.•51 views

CVE-2024-8546

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.5AI score0.0004EPSS

CVE•added 2025/06/19 4:15 a.m.•10 views

CVE-2025-4479

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attri...

6.4CVSS5.7AI score0.00043EPSS

CVE•added 2025/07/24 11:15 p.m.•5 views

CVE-2025-3614

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...

6.4CVSS5.5AI score0.00035EPSS