cleantalk
Vulnerabilities and Security Researches

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders, CVE-2024-0954

CVE, Research URL

CVE-2024-0954

Home page URL

Security reports for Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Application

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Published on
Feb 06, 2024
Research Description
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 5.9.8.
Status
vulnerable
Previous vulnerability researches
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2024-39649) , Aug 07, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2024-7092) , Aug 13, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2024-9993) , Jun 15, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2022-0683) , Jun 07, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2024-1236) , Jun 07, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025