cleantalk
Vulnerabilities and Security Researches

Themesflat Addons For Elementor, CVE-2024-12205

CVE, Research URL

CVE-2024-12205

Home page URL

Security reports for Themesflat Addons For Elementor

Application

Themesflat Addons For Elementor

Published on
Jan 08, 2025
Research Description
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.2.5.
Status
vulnerable
Previous vulnerability researches
Themesflat Addons For Elementor (CVE-2025-31567) , Apr 02, 2025
Themesflat Addons For Elementor (CVE-2024-49310) , Oct 19, 2024
Themesflat Addons For Elementor (CVE-2024-8516) , Sep 26, 2024
Themesflat Addons For Elementor (CVE-2024-4458) , Jul 22, 2024
Themesflat Addons For Elementor (CVE-2024-8515) , Sep 26, 2024
New vulnerability
Emma for WordPress (CVE-2025-32166) , Apr 06, 2025
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2025-32134) , Apr 06, 2025
Simple WP Events (CVE-2025-32193) , Apr 06, 2025
Post to Social Media – WordPress to Hootsuite (CVE-2025-32267) , Apr 06, 2025
Easy WP Optimizer – Optimize DB & WordPress (CVE-2025-32147) , Apr 06, 2025