Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-47827
Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a up to and including 2.1.3.
Nicheaddons Events Addon For Elementor
8.8
CVSSv3
CVE-2023-52150
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a prior to 2.12.5.
Ovation Dynamic Content For Elementor
8.8
CVSSv3
CVE-2022-47169
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.
Staxwp Visibility Logic For Elementor
5.3
CVSSv3
CVE-2023-3779
The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthen...
Wpdeveloper Essential Addons For Elementor
6.1
CVSSv3
CVE-2022-0327
The Master Addons for Elementor WordPress plugin prior to 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflect...
Jeweltheme Master Addons For Elementor
8.8
CVSSv3
CVE-2022-45067
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.
Devscred Exclusive Addons For Elementor
6.1
CVSSv3
CVE-2021-25027
The PowerPack Addons for Elementor WordPress plugin prior to 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Ideabox Powerpack Addons For Elementor
9.8
CVSSv3
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin prior to 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated malicious users to perform Local File Inclusion attack and read arbitrary files on the serv...
Wpdeveloper Essential Addons For Elementor
1 Github repository
5.4
CVSSv3
CVE-2021-24273
The “Clever Addons for Elementor” WordPress Plugin prior to 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Cleversoft Clever Addons For Elementor
5.4
CVSSv3
CVE-2021-24292
The Happy Addons for Elementor WordPress plugin prior to 2.24.0, Happy Addons Pro for Elementor WordPress plugin prior to 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar meth...
Wedevs Happy Addons For Elementor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »