cleantalk
Vulnerabilities and Security Researches

Themesflat Addons For Elementor, CVE-2024-4459

CVE, Research URL

CVE-2024-4459

Home page URL

Security reports for Themesflat Addons For Elementor

Application

Themesflat Addons For Elementor

Published on
Jun 06, 2024
Research Description
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.1.3.
Status
vulnerable
Previous vulnerability researches
Themesflat Addons For Elementor (CVE-2025-31567) , Apr 02, 2025
Themesflat Addons For Elementor (CVE-2024-49310) , Oct 19, 2024
Themesflat Addons For Elementor (CVE-2024-8516) , Sep 26, 2024
Themesflat Addons For Elementor (CVE-2024-4458) , Jul 22, 2024
Themesflat Addons For Elementor (CVE-2024-8515) , Sep 26, 2024
New vulnerability
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2025-32134) , Apr 06, 2025
Simple WP Events (CVE-2025-32193) , Apr 06, 2025
Post to Social Media – WordPress to Hootsuite (CVE-2025-32267) , Apr 06, 2025
Easy WP Optimizer – Optimize DB & WordPress (CVE-2025-32147) , Apr 06, 2025
Embed Chessboard (CVE-2025-32177) , Apr 06, 2025