La-Studioweb Element Kit For Elementor vulnerabilities
5 known vulnerabilities affecting la-studioweb/element_kit_for_elementor.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-10873P3HIGHCVSS 8.8fixed in 1.4.32024-11-23
CVE-2024-10873 [HIGH] CWE-98 CVE-2024-10873: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion i
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any P
nvd
CVE-2024-5349P3HIGHCVSS 8.8fixed in 1.3.92024-07-02
CVE-2024-5349 [HIGH] CWE-22 CVE-2024-5349: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion i
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP
nvd
CVE-2024-37479P3HIGHCVSS 8.8fixed in 1.3.92024-07-02
CVE-2024-37479 [HIGH] CWE-98 CVE-2024-37479: Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1.
nvd
CVE-2024-35725P3HIGHCVSS 8.8fixed in 1.3.7.42024-06-10
CVE-2024-35725 [HIGH] CWE-862 CVE-2024-35725: Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affe
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.
nvd
CVE-2025-4943P4MEDIUMCVSS 5.4fixed in 1.5.32025-05-30
CVE-2025-4943 [MEDIUM] CWE-79 CVE-2025-4943: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inje
nvd