Piotnet Addons For Elementor Pro vulnerabilities
6 known vulnerabilities affecting piotnet/piotnet_addons_for_elementor_pro.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2026-4885P2CRITICALCVSS 9.8≤ 7.1.702026-05-19
CVE-2026-4885 [CRITICAL] CWE-434 CVE-2026-4885: The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing danger
nvd
CVE-2024-33635P3HIGHCVSS 7.5≥ n/a, ≤ 7.1.172024-04-29
CVE-2024-33635 [HIGH] CWE-862 CVE-2024-33635: Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects P
Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
nvd
CVE-2024-33631P4MEDIUMCVSS 6.5≥ n/a, ≤ 7.1.172024-04-29
CVE-2024-33631 [MEDIUM] CWE-79 CVE-2024-33631: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
nvd
CVE-2024-33633P4HIGHCVSS 7.1≥ n/a, ≤ 7.1.172024-04-29
CVE-2024-33633 [HIGH] CWE-79 CVE-2024-33633: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
nvd
CVE-2024-33634P4MEDIUMCVSS 5.4≥ n/a, ≤ 7.1.172024-04-29
CVE-2024-33634 [MEDIUM] CWE-918 CVE-2024-33634: Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This is
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
nvd
CVE-2024-33632P4MEDIUMCVSS 5.4≥ n/a, ≤ 7.1.172024-04-29
CVE-2024-33632 [MEDIUM] CWE-352 CVE-2024-33632: Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This iss
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.
nvd