Vulnerabilities and security researches forelement-ready-lite element-ready-lite

Apr 18, 2025

CVE, Research URL: CVE-2025-39546
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Apr 16, 2025
Research Description: ElementsReady Addons for Elementor [element-ready-lite] < 6.6.3 CVE-2025-39546 [en] Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2.
Affected versions: Min -, max -.
Status: vulnerable

Dec 18, 2024

CVE, Research URL: CVE-2024-10356
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Dec 17, 2024
Research Description: The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

Dec 11, 2024

CVE, Research URL: CVE-2024-54224
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Dec 09, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7.
Affected versions: Min -, max -.
Status: vulnerable

Nov 08, 2024

CVE, Research URL: CVE-2024-51787
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Nov 09, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3.
Affected versions: Min -, max -.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2024-9444
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Oct 16, 2024
Research Description: The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

CVE, Research URL: CVE-2024-47353
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Oct 12, 2024
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.
Affected versions: Min -, max -.
Status: vulnerable

Sep 29, 2024

CVE, Research URL: CVE-2024-47329
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.
Affected versions: Min -, max -.
Status: vulnerable

Jul 22, 2024

CVE, Research URL: CVE-2024-5152
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: Jun 06, 2024
Research Description: The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-34374
Home page URL: Security reports for ElementsReady Addons for Elementor
Application: ElementsReady Addons for Elementor
Date: May 07, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0.
Affected versions: Min -, max -.
Status: vulnerable