cleantalk
Vulnerabilities and Security Researches

130+ Widgets | Best Addons For Elementor – FREE, CVE-2024-7791

CVE, Research URL

CVE-2024-7791

Home page URL

Security reports for 130+ Widgets | Best Addons For Elementor – FREE

Application

130+ Widgets | Best Addons For Elementor – FREE

Published on
Aug 27, 2024
Research Description
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.4.4.4.
Status
vulnerable
Previous vulnerability researches
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-54253) , Dec 11, 2024
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-12584) , Jan 08, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-2108) , Mar 21, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-32163) , Apr 05, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-2250) , Jun 07, 2024
New vulnerability
Raptive Ads (CVE-2025-32554) , Apr 17, 2025
Contact Form by Supsystic (CVE-2024-13452) , Apr 17, 2025
Affiliate Links Lite (CVE-2025-32639) , Apr 17, 2025
Administrator Z (CVE-2025-26959) , Apr 17, 2025
Simple Social Media Share Buttons – Social Sharing for Everyone (CVE-2024-13610) , Apr 17, 2025