Wpdeveloper Essential Addons For Elementor vulnerabilities
57 known vulnerabilities affecting wpdeveloper/essential_addons_for_elementor.
Total CVEs
57
CISA KEV
0
Public exploits
2
Exploited in wild
3
Severity breakdown
CRITICAL2HIGH5MEDIUM49LOW1
Vulnerabilities
Page 1 of 3
CVE-2023-32243P1CRITICALCVSS 9.8ExploitedPoC≥ 5.4.0, < 5.7.1≥ 5.4.0, ≤ 5.7.12023-05-12
CVE-2023-32243 [CRITICAL] CWE-287 CVE-2023-32243: Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
nvd
CVE-2025-24752P2MEDIUMCVSS 6.1ExploitedPoCfixed in 6.0.15≤ 6.0.142025-04-17
CVE-2025-24752 [MEDIUM] CWE-79 CVE-2025-24752: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.
nvd
CVE-2021-4446P1MEDIUMCVSS 4.3Exploitedfixed in 4.6.52024-10-16
CVE-2021-4446 [MEDIUM] CWE-862 CVE-2021-4446: The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in ver
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and
nvd
CVE-2022-0320P3CRITICALCVSS 9.8fixed in 5.0.52022-02-01
CVE-2022-0320 [CRITICAL] CWE-22 CVE-2022-0320: The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE tech
nvd
CVE-2021-4447P3HIGHCVSS 8.8fixed in 4.6.52024-10-16
CVE-2021-4447 [HIGH] CWE-862 CVE-2021-4447: The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in ve
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new reg
nvd
CVE-2023-41955P3HIGHCVSS 8.8fixed in 5.8.9≥ n/a, ≤ 5.8.82024-05-17
CVE-2023-41955 [HIGH] CWE-269 CVE-2023-41955: Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Pri
Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through 5.8.8.
nvd
CVE-2024-3018P3HIGHCVSS 8.8fixed in 5.9.142024-03-30
CVE-2024-3018 [HIGH] CWE-502 CVE-2024-3018: The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level acces
nvd
CVE-2023-32245P3HIGHCVSS 8.8≤ 5.4.82023-11-18
CVE-2023-32245 [HIGH] CWE-352 CVE-2023-32245: Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.Th
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.
nvd
CVE-2024-1536P3HIGHCVSS 7.4fixed in 5.9.102024-03-13
CVE-2024-1536 [HIGH] CWE-79 CVE-2024-1536: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib
nvd
CVE-2024-3728P4MEDIUMCVSS 6.4fixed in 5.9.162024-05-02
CVE-2024-3728 [MEDIUM] CWE-79 CVE-2024-3728: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping on user supplied att
nvd
CVE-2024-1236P4MEDIUMCVSS 6.4fixed in 5.9.92024-02-29
CVE-2024-1236 [MEDIUM] CWE-79 CVE-2024-1236: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authentic
nvd
CVE-2024-2623P4MEDIUMCVSS 6.4fixed in 5.9.122024-04-09
CVE-2024-2623 [MEDIUM] CWE-79 CVE-2024-2623: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticate
nvd
CVE-2024-1276P4MEDIUMCVSS 6.4fixed in 5.9.92024-02-29
CVE-2024-1276 [MEDIUM] CWE-79 CVE-2024-1276: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac
nvd
CVE-2024-2650P4MEDIUMCVSS 6.4fixed in 5.9.112024-04-09
CVE-2024-2650 [MEDIUM] CWE-20 CVE-2024-2650: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possibl
nvd
CVE-2024-3645P4MEDIUMCVSS 6.4fixed in 5.8.122024-04-22
CVE-2024-3645 [MEDIUM] CWE-79 CVE-2024-3645: The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scrip
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with co
nvd
CVE-2024-8979P4MEDIUMCVSS 5.7fixed in 6.0.102024-11-15
CVE-2024-8979 [MEDIUM] CWE-200 CVE-2024-8979: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Bu
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-lev
nvd
CVE-2024-8978P4MEDIUMCVSS 5.7fixed in 6.0.102024-11-15
CVE-2024-8978 [MEDIUM] CWE-200 CVE-2024-8978: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Bu
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-le
nvd
CVE-2026-25440P4MEDIUMCVSS 5.3≥ n/a, < 6.6.02026-06-15
CVE-2026-25440 [MEDIUM] CWE-862 CVE-2026-25440: Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
nvd
CVE-2022-0683P4MEDIUMCVSS 6.1≤ 5.0.82022-02-24
CVE-2022-0683 [MEDIUM] CWE-79 CVE-2022-0683: The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due t
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an a
nvd
CVE-2024-1537P4MEDIUMCVSS 6.4fixed in 5.9.102024-03-13
CVE-2024-1537 [MEDIUM] CWE-79 CVE-2024-1537: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible
nvd
1 / 3Next →