Vulnerabilities and security researches forbetter-elementor-addons better-elementor-addons

Jan 10, 2026

CVE, Research URL: CVE-2025-12830
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: Dec 12, 2025
Research Description: The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.5.4.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.3.1.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-41656
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: -
Research Description: The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bea_admin_ajax() function hooked via an AJAX action in versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to save and reset the plugin's settings.
Affected versions: max 1.3.8.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-2280
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: Mar 29, 2024
Research Description: The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.4.2.
Status: vulnerable

CVE, Research URL: CVE-2024-33541
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: Jun 04, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through 1.4.1.
Affected versions: max 1.4.2.
Status: vulnerable

CVE, Research URL: CVE-2024-34432
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: May 14, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4.
Affected versions: max 1.4.5.
Status: vulnerable

CVE, Research URL: 0f51deb5a416fcf3f268c723162080f49c6c25c8
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: Feb 28, 2022
Research Description: Better Elementor Addons [better-elementor-addons] < 1.3.9 WordPress Better Elementor Addons plugin < 1.3.1 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Better Elementor Addons plugin (versions < 1.3.1).
Affected versions: max 1.3.9.
Status: vulnerable

CVE, Research URL: CVE-2024-30423
Home page URL: Security reports for Better Elementor Addons
Application: Better Elementor Addons
Date: Mar 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.3.7.
Affected versions: max 1.3.8.
Status: vulnerable