Vulnerabilities and security researches foraddon-elements-for-elementor-page-builder addon-elements-for-elementor-page-builder

Direction: ascending

Jun 07, 2024

Elementor Addon Elements # CVE-2021-24259

CVE, Research URL: CVE-2021-24259
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: May 06, 2021
Research Description: The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-1392

CVE, Research URL: CVE-2024-1392
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 13, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-1391

CVE, Research URL: CVE-2024-1391
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 13, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-0834

CVE, Research URL: CVE-2024-0834
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Feb 06, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2023-4690

CVE, Research URL: CVE-2023-4690
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Nov 16, 2023
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2023-4723

CVE, Research URL: CVE-2023-4723
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Nov 16, 2023
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2023-5381

CVE, Research URL: CVE-2023-5381
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Nov 16, 2023
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-1358

CVE, Research URL: CVE-2024-1358
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 13, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2023-4689

CVE, Research URL: CVE-2023-4689
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Nov 16, 2023
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-2091

CVE, Research URL: CVE-2024-2091
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 28, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-29107

CVE, Research URL: CVE-2024-29107
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.12.10.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-2792

CVE, Research URL: CVE-2024-2792
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Apr 10, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-1393

CVE, Research URL: CVE-2024-1393
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 13, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-3743

CVE, Research URL: CVE-2024-3743
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: May 02, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-1422

CVE, Research URL: CVE-2024-1422
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 13, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-30422

CVE, Research URL: CVE-2024-30422
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Mar 28, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 13, 2024

Elementor Addon Elements # CVE-2024-2092

CVE, Research URL: CVE-2024-2092
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Jun 12, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jun 28, 2024

Elementor Addon Elements # CVE-2024-4569

CVE, Research URL: CVE-2024-4569
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Jun 27, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-4570

CVE, Research URL: CVE-2024-4570
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Jun 27, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 31, 2024

Elementor Addon Elements # CVE-2024-7122

CVE, Research URL: CVE-2024-7122
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Aug 30, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-4401

CVE, Research URL: CVE-2024-4401
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Aug 30, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

Elementor Addon Elements # CVE-2024-47366

CVE, Research URL: CVE-2024-47366
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.6.
Affected versions: Min -, max -.
Status: vulnerable

Elementor Addon Elements # CVE-2024-47361

CVE, Research URL: CVE-2024-47361
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6.
Affected versions: Min -, max -.
Status: vulnerable

Oct 13, 2024

Elementor Addon Elements # CVE-2024-8902

CVE, Research URL: CVE-2024-8902
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Oct 12, 2024
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

Elementor Addon Elements # CVE-2022-4974

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Jan 17, 2025

Elementor Addon Elements # CVE-2024-13215

CVE, Research URL: CVE-2024-13215
Home page URL: Security reports for Elementor Addon Elements
Application: Elementor Addon Elements
Date: Jan 15, 2025
Research Description: The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable