Vulnerabilities and security researches forextensions-for-elementor extensions-for-elementor

Jul 01, 2024

CVE, Research URL: CVE-2024-5666
Home page URL: Security reports for Extensions for Elementor
Application: Extensions for Elementor
Date: Jun 29, 2024
Research Description: The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.0.31.
Status: vulnerable

Jul 10, 2024

CVE, Research URL: CVE-2024-4868
Home page URL: Security reports for Extensions for Elementor
Application: Extensions for Elementor
Date: Jul 09, 2024
Research Description: The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.0.31.
Status: vulnerable

Aug 04, 2024

CVE, Research URL: CVE-2024-39668
Home page URL: Security reports for Extensions for Elementor
Application: Extensions for Elementor
Date: Aug 02, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31.
Affected versions: max 2.0.32.
Status: vulnerable

Nov 21, 2024

CVE, Research URL: CVE-2024-52471
Home page URL: Security reports for Extensions for Elementor
Application: Extensions for Elementor
Date: Nov 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37.
Affected versions: max 2.0.40.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31889
Home page URL: Security reports for Extensions for Elementor
Application: Extensions for Elementor
Date: Apr 02, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40.
Affected versions: max 2.0.40.
Status: vulnerable