cleantalk
Vulnerabilities and Security Researches

ElementsKit Elementor addons, CVE-2024-11180

CVE, Research URL

CVE-2024-11180

Home page URL

Security reports for ElementsKit Elementor addons

Application

ElementsKit Elementor addons

Published on
Mar 29, 2025
Research Description
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.4.8.
Status
vulnerable
Previous vulnerability researches
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2023-41805) , Jun 10, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2024-47345) , Sep 30, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates , Dec 24, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2025-24568) , Jan 25, 2025
Starter Templates — Elementor, WordPress & Beaver Builder Templates (CVE-2024-4630) , Jun 06, 2024
New vulnerability
SoJ SoundSlides (CVE-2025-2249) , Apr 02, 2025
Zoho Subscriptions – Embed Payment Form (CVE-2025-30900) , Apr 02, 2025
Related Posts Widget with Thumbnails (CVE-2025-31570) , Apr 02, 2025
CoverManager (CVE-2025-31620) , Apr 02, 2025
Booster for WooCommerce (CVE-2024-12278) , Apr 02, 2025