Vulnerabilities and security researches forresponsive-add-ons responsive-add-ons

Mar 30, 2026

CVE, Research URL: CVE-2025-15488
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: Mar 26, 2026
Research Description: The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode.
Affected versions: max 3.4.3.
Status: vulnerable

Jun 19, 2025

CVE, Research URL: CVE-2025-49856
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: Jun 17, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus allows Cross Site Request Forgery. This issue affects Responsive Plus: from n/a through 3.2.2.
Affected versions: max 3.2.3.
Status: vulnerable

Jun 04, 2025

CVE, Research URL: CVE-2025-48335
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: Jun 06, 2025
Research Description: Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
Affected versions: max 3.2.1.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47486
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: May 07, 2025
Research Description: Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9.
Affected versions: max 3.2.0.
Status: vulnerable

Feb 18, 2025

CVE, Research URL: CVE-2024-13834
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: Feb 15, 2025
Research Description: The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: max 3.1.5.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-5222
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: Jun 05, 2024
Research Description: The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.0.6.
Status: vulnerable

CVE, Research URL: CVE-2020-12073
Home page URL: Security reports for Responsive Starter Templates – Elementor & WordPress Templates
Application: Responsive Starter Templates – Elementor & WordPress Templates
Date: Apr 23, 2020
Research Description: The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests.
Affected versions: max 2.6.9.
Status: vulnerable