Vulnerabilities and security researches forthemesflat-addons-for-elementor themesflat-addons-for-elementor

Direction: descending

Apr 02, 2025

Themesflat Addons For Elementor # CVE-2025-31567

CVE, Research URL: CVE-2025-31567
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Mar 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.5.
Affected versions: Min -, max -.
Status: vulnerable

Jan 09, 2025

Themesflat Addons For Elementor # CVE-2024-12205

CVE, Research URL: CVE-2024-12205
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Jan 08, 2025
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Dec 09, 2024

Themesflat Addons For Elementor # CVE-2024-53796

CVE, Research URL: CVE-2024-53796
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Dec 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.
Affected versions: Min -, max -.
Status: vulnerable

Oct 19, 2024

Themesflat Addons For Elementor # CVE-2024-49310

CVE, Research URL: CVE-2024-49310
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Oct 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0.
Affected versions: Min -, max -.
Status: vulnerable

Sep 26, 2024

Themesflat Addons For Elementor # CVE-2024-8516

CVE, Research URL: CVE-2024-8516
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Sep 25, 2024
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.
Affected versions: Min -, max -.
Status: vulnerable

Themesflat Addons For Elementor # CVE-2024-8515

CVE, Research URL: CVE-2024-8515
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Sep 25, 2024
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 22, 2024

Themesflat Addons For Elementor # CVE-2024-4458

CVE, Research URL: CVE-2024-4458
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Jun 06, 2024
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Themesflat Addons For Elementor # CVE-2024-4459

CVE, Research URL: CVE-2024-4459
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Jun 06, 2024
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Themesflat Addons For Elementor # CVE-2024-2922

CVE, Research URL: CVE-2024-2922
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Jun 06, 2024
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Themesflat Addons For Elementor # CVE-2024-4212

CVE, Research URL: CVE-2024-4212
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Jun 06, 2024
Research Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

Themesflat Addons For Elementor # CVE-2024-35666

CVE, Research URL: CVE-2024-35666
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Jun 04, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.1.2.
Affected versions: Min -, max -.
Status: vulnerable

Themesflat Addons For Elementor # CVE-2023-37390

CVE, Research URL: CVE-2023-37390
Home page URL: Security reports for Themesflat Addons For Elementor
Application: Themesflat Addons For Elementor
Date: Dec 19, 2023
Research Description: Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.
Affected versions: Min -, max -.
Status: vulnerable