Vulnerabilities and security researches forelementinvader-addons-for-elementor elementinvader-addons-for-elementor

Jun 07, 2024

CVE, Research URL: CVE-2024-2308
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Mar 16, 2024
Research Description: The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 15, 2024

CVE, Research URL: CVE-2024-38705
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

CVE, Research URL: CVE-2024-47630
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7.
Affected versions: Min -, max -.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2024-9888
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Oct 16, 2024
Research Description: The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Oct 20, 2024

CVE, Research URL: CVE-2024-9889
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Oct 19, 2024
Research Description: The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.
Affected versions: Min -, max -.
Status: vulnerable

Dec 12, 2024

CVE, Research URL: CVE-2024-12059
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Dec 12, 2024
Research Description: The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.
Affected versions: Min -, max -.
Status: vulnerable

Jan 17, 2025

CVE, Research URL: CVE-2025-22786
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Jan 15, 2025
Research Description: Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6.
Affected versions: Min -, max -.
Status: vulnerable

Jan 25, 2025

CVE, Research URL: CVE-2025-24729
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Jan 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-24618
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Jan 24, 2025
Research Description: Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-24578
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Jan 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0.
Affected versions: Min -, max -.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-48288
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: May 19, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.5.
Affected versions: Min -, max -.
Status: vulnerable

Aug 28, 2025

CVE, Research URL: CVE-2025-58205
Home page URL: Security reports for ElementInvader Addons for Elementor
Application: ElementInvader Addons for Elementor
Date: Aug 27, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6.
Affected versions: Min -, max -.
Status: vulnerable