Vulnerabilities and security researches forpremium-addons-for-elementor premium-addons-for-elementor

Direction: ascending

Jun 07, 2024

Premium Addons for Elementor # CVE-2024-2664

CVE, Research URL: CVE-2024-2664
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Apr 10, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2021-24257

CVE, Research URL: CVE-2021-24257
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 06, 2021
Research Description: The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-1242

CVE, Research URL: CVE-2024-1242
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Feb 29, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-1680

CVE, Research URL: CVE-2024-1680
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Mar 13, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-31278

CVE, Research URL: CVE-2024-31278
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Apr 10, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor.This issue affects Premium Addons for Elementor: from n/a through 4.10.22.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-0376

CVE, Research URL: CVE-2024-0376
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Apr 10, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-2399

CVE, Research URL: CVE-2024-2399
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Mar 15, 2024
Research Description: The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-24831

CVE, Research URL: CVE-2024-24831
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Feb 10, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-0326

CVE, Research URL: CVE-2024-0326
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Mar 13, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-29106

CVE, Research URL: CVE-2024-29106
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Mar 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-3885

CVE, Research URL: CVE-2024-3885
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 02, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-4205

CVE, Research URL: CVE-2024-4205
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 31, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve Elementor template data.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-4376

CVE, Research URL: CVE-2024-4376
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 31, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. While 4.10.32 is patched, it is recommended to update to 4.10.33 because 4.10.32 caused a fatal error.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-4379

CVE, Research URL: CVE-2024-4379
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 31, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-2666

CVE, Research URL: CVE-2024-2666
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Apr 10, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-32791

CVE, Research URL: CVE-2024-32791
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Apr 24, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-3647

CVE, Research URL: CVE-2024-3647
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 02, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the premium version of the plugin to be installed and activated in order to be exploited.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-4378

CVE, Research URL: CVE-2024-4378
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 23, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-2665

CVE, Research URL: CVE-2024-2665
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Apr 10, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Premium Addons for Elementor # CVE-2024-4203

CVE, Research URL: CVE-2024-4203
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: May 02, 2024
Research Description: The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only affects sites running the premium version of the plugin.
Affected versions: Min -, max -.
Status: vulnerable

Jun 13, 2024

Premium Addons for Elementor # CVE-2024-5553

CVE, Research URL: CVE-2024-5553
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Jun 12, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses and edits an injected element, and subsequently clicks the element with the mouse scroll wheel.
Affected versions: Min -, max -.
Status: vulnerable

Jul 04, 2024

Premium Addons for Elementor # CVE-2024-6340

CVE, Research URL: CVE-2024-6340
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Jul 03, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 11, 2024

Premium Addons for Elementor # CVE-2024-37922

CVE, Research URL: CVE-2024-37922
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34.
Affected versions: Min -, max -.
Status: vulnerable

Jul 13, 2024

Premium Addons for Elementor # CVE-2024-6495

CVE, Research URL: CVE-2024-6495
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Jul 12, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 22, 2024

Premium Addons for Elementor # CVE-2024-6434

CVE, Research URL: CVE-2024-6434
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Jul 04, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.
Affected versions: Min -, max -.
Status: vulnerable

Aug 08, 2024

Premium Addons for Elementor # CVE-2024-6824

CVE, Research URL: CVE-2024-6824
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Aug 08, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.
Affected versions: Min -, max -.
Status: vulnerable

Sep 27, 2024

Premium Addons for Elementor # CVE-2024-8681

CVE, Research URL: CVE-2024-8681
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Sep 27, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

Premium Addons for Elementor # CVE-2021-4445

CVE, Research URL: CVE-2021-4445
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Oct 16, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.
Affected versions: Min -, max -.
Status: vulnerable

Oct 30, 2024

Premium Addons for Elementor # CVE-2024-10266

CVE, Research URL: CVE-2024-10266
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Oct 29, 2024
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Dec 23, 2024

Premium Addons for Elementor # CVE-2024-56225

CVE, Research URL: CVE-2024-56225
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Dec 31, 2024
Research Description: Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.
Affected versions: Min -, max -.
Status: vulnerable

Jun 15, 2025

Premium Addons for Elementor # CVE-2025-4774

CVE, Research URL: CVE-2025-4774
Home page URL: Security reports for Premium Addons for Elementor
Application: Premium Addons for Elementor
Date: Jun 10, 2025
Research Description: The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable