cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for xpro-elementor-addons

Jun 07, 2024

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-2250

CVE, Research URL

CVE-2024-2250

Date
Mar 29, 2024
Research Description
The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-34570

CVE, Research URL

CVE-2024-34570

Date
May 08, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.3.
Affected versions
Min -, max -.
Status
vulnerable

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-4471

CVE, Research URL

CVE-2024-4471

Date
May 23, 2024
Research Description
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Thanks, Francesco
Affected versions
Min -, max -.
Status
vulnerable

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-4440

CVE, Research URL

CVE-2024-4440

Date
May 14, 2024
Research Description
The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Aug 12, 2024

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-43150

CVE, Research URL

CVE-2024-43150

Date
-
Research Description
140+ Widgets | Xpro Addons For Elementor – FREE [xpro-elementor-addons] < 1.4.4.3 CVE-2024-43150
Affected versions
Min -, max -.
Status
vulnerable
Aug 28, 2024

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-7791

CVE, Research URL

CVE-2024-7791

Date
Aug 27, 2024
Research Description
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Nov 06, 2024

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-10319

CVE, Research URL

CVE-2024-10319

Date
Nov 05, 2024
Research Description
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions
Min -, max -.
Status
vulnerable
Dec 11, 2024

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-54253

CVE, Research URL

CVE-2024-54253

Date
Dec 09, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.6.1.
Affected versions
Min -, max -.
Status
vulnerable
Jan 08, 2025

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-12584

CVE, Research URL

CVE-2024-12584

Date
-
Research Description
140+ Widgets | Xpro Addons For Elementor – FREE [xpro-elementor-addons] < 1.4.6.3 CVE-2024-12584
Affected versions
Min -, max -.
Status
vulnerable
Mar 08, 2025

130+ Widgets | Best Addons For Elementor – FREE # CVE-2024-13649

CVE, Research URL

CVE-2024-13649

Date
Mar 08, 2025
Research Description
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Mar 21, 2025

130+ Widgets | Best Addons For Elementor – FREE # CVE-2025-2108

CVE, Research URL

CVE-2025-2108

Date
Mar 20, 2025
Research Description
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Apr 05, 2025

130+ Widgets | Best Addons For Elementor – FREE # CVE-2025-32163

CVE, Research URL

CVE-2025-32163

Date
Apr 04, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.9.
Affected versions
Min -, max -.
Status
vulnerable