CVE-2025-0968

CVE-2025-0968 — The ElementsKit Elementor Addons and Templates for WordPress suffers a missing capability check in get_megamenu_content(), enabling unauthenticated access to sensitive items (posts, pages, templates, drafts, trashed/private items) in all versions up to 3.4.0. Connected documentati...

CVE-2024-11180

CVE-2024-11180 affects ElementsKit Elementor Addons and Templates (Elementor) with a Stored Cross-Site Scripting vulnerability in the ekit_countdown_timer_title parameter, exploitable on all versions up to 3.4.7 due to insufficient input sanitization/output escaping. Attackers with Contributor+ p...

CVE-2024-8546

CVE-2024-8546 : ElementsKit Elementor addons for WordPress (

CVE-2025-1005

CVE-2025-1005 affects ElementsKit Elementor Addons and Templates (WordPress) up to version 3.4.0. It is a Stored Cross-Site Scripting via the Image Accordion widget caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated acces...

CVE-2023-6525

CVE-2023-6525 affects ElementsKit Elementor addons for WordPress. Vulnerability: Stored XSS in the progress bar element attributes due to insufficient input sanitization and output escaping. Affected versions: all up to and including 3.0.3. Impact: authenticated attackers with editor-level access...

CVE-2025-4479

CVE-2025-4479 corresponds to a stored XSS flaw in the ElementsKit Lite/ElementsKit Elementor Addons and Templates WordPress plugin (versions

CVE-2025-3614

CVE-2025-3614 relates to the ElementsKit Elementor Addons and Templates plugin for WordPress (versions up to 3.5.2). The vulnerability is a Stored Cross-Site Scripting (XSS) via the URL attribute of a custom widget, caused by insufficient input sanitization and output escaping. It is exploitable ...