cleantalk
Vulnerabilities and Security Researches

130+ Widgets | Best Addons For Elementor – FREE, CVE-2024-13649

CVE, Research URL

CVE-2024-13649

Home page URL

Security reports for 130+ Widgets | Best Addons For Elementor – FREE

Application

130+ Widgets | Best Addons For Elementor – FREE

Published on
Mar 08, 2025
Research Description
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.4.6.8.
Status
vulnerable
Previous vulnerability researches
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-54253) , Dec 11, 2024
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-12584) , Jan 08, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-2108) , Mar 21, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-32163) , Apr 05, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-2250) , Jun 07, 2024
New vulnerability
Raptive Ads (CVE-2025-32554) , Apr 17, 2025
Contact Form by Supsystic (CVE-2024-13452) , Apr 17, 2025
Affiliate Links Lite (CVE-2025-32639) , Apr 17, 2025
Administrator Z (CVE-2025-26959) , Apr 17, 2025
Simple Social Media Share Buttons – Social Sharing for Everyone (CVE-2024-13610) , Apr 17, 2025