cleantalk
Vulnerabilities and Security Researches

Better Elementor Addons, CVE-2024-2280

CVE, Research URL

CVE-2024-2280

Home page URL

Security reports for Better Elementor Addons

Application

Better Elementor Addons

Published on
Mar 29, 2024
Research Description
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.4.2.
Status
vulnerable
Previous vulnerability researches
Better Elementor Addons (CVE-2023-41656) , Jun 10, 2024
Better Elementor Addons (CVE-2022-4974) , Nov 15, 2024
Better Elementor Addons (CVE-2024-2280) , Jun 07, 2024
Better Elementor Addons (CVE-2024-33541) , Jun 07, 2024
Better Elementor Addons (CVE-2024-34432) , Jun 07, 2024
New vulnerability
WooMS (CVE-2025-57957) , Apr 20, 2026
Simple User Registration (CVE-2026-0844) , Apr 20, 2026
Kubio AI Page Builder (CVE-2026-5427) , Apr 20, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-3330) , Apr 20, 2026
Sell Photo (2ce065d802b631a3fa4492d5366f0ffc4e0ee37b) , Apr 19, 2026