Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-01-23
CVE-2024-13215 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-13215
Risk Score
Threat Entry
Updated 2025-08-20
CVE-2024-7122 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-7122
Risk Score
Threat Entry
Updated 2025-08-20
CVE-2024-4401 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-4401
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4570 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-4570
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4569 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-4569
Risk Score
Threat Entry
Updated 2025-08-20
CVE-2024-2092 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-2092
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-3743 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-3743
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-2792 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-2792
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-2091 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-2091
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1422 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-1422
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1393 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-1393
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1392 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-1392
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1391 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-1391
Risk Score
Threat Entry
Updated 2025-01-17
CVE-2024-1358 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-1358
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0834 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2024-0834
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4690 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2023-4690
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4689 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2023-4689
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4723 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2023-4723
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5381 - Addon Elements For Elementor Page Builder Plugin
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Addon Elements For Elementor Page Builder
CVE-2023-5381
Risk Score