Threat Entry Updated 2025-01-15

CVE-2024-1235 - Addons For Elementor Plugin

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Addons For Elementor

CVE-2024-1235

MEDIUM CVSS 6.4 2024-02-29

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2024-0448 - Addons For Elementor Plugin

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Addons For Elementor

CVE-2024-0448

MEDIUM CVSS 6.4 2024-02-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24260 - Addons For Elementor Plugin

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

PLUGIN Addons For Elementor

CVE-2021-24260

MEDIUM CVSS 5.4 2021-05-05

Risk Score

Open Full Technical Breakdown