Wpdeveloper Essential Addons For Elementor vulnerabilities
57 known vulnerabilities affecting wpdeveloper/essential_addons_for_elementor.
Total CVEs
57
CISA KEV
0
Public exploits
2
Exploited in wild
3
Severity breakdown
CRITICAL2HIGH5MEDIUM49LOW1
Vulnerabilities
Page 2 of 3
CVE-2024-3333P4MEDIUMCVSS 6.4fixed in 5.9.152024-04-17
CVE-2024-3333 [MEDIUM] CWE-79 CVE-2024-3333: The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and
nvd
CVE-2023-3779P4MEDIUMCVSS 5.3≤ 5.8.12023-07-20
CVE-2023-3779 [MEDIUM] CWE-200 CVE-2023-3779: The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key dis
The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend rese
nvd
CVE-2024-2974P4MEDIUMCVSS 5.3fixed in 5.9.142024-04-09
CVE-2024-2974 [MEDIUM] CWE-200 CVE-2024-2974: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts.
nvd
CVE-2026-23543P4MEDIUMCVSS 5.3≤ 6.5.52026-02-19
CVE-2026-23543 [MEDIUM] CWE-862 CVE-2026-23543: Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-f
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5.
nvd
CVE-2025-39590P4MEDIUMCVSS 6.5fixed in 6.1.10≤ 6.1.92025-04-16
CVE-2025-39590 [MEDIUM] CWE-79 CVE-2025-39590: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
nvd
CVE-2024-3733P4MEDIUMCVSS 5.3fixed in 5.9.162024-04-25
CVE-2024-3733 [MEDIUM] CWE-200 CVE-2024-3733: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthe
nvd
CVE-2025-69092P4MEDIUMCVSS 6.5fixed in 6.5.4≤ 6.5.32025-12-30
CVE-2025-69092 [MEDIUM] CWE-79 CVE-2025-69092: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.3.
nvd
CVE-2024-1172P4MEDIUMCVSS 5.4fixed in 5.9.92024-02-29
CVE-2024-1172 [MEDIUM] CWE-79 CVE-2024-1172: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers
nvd
CVE-2024-4448P4MEDIUMCVSS 6.1fixed in 5.9.202024-05-14
CVE-2024-4448 [MEDIUM] CWE-79 CVE-2024-4448: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escapi
nvd
CVE-2021-24255P4MEDIUMCVSS 5.4fixed in 4.5.42021-05-05
CVE-2021-24255 [MEDIUM] CWE-79 CVE-2021-24255: The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulne
The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method.
nvd
CVE-2024-4156P4MEDIUMCVSS 5.4fixed in 5.9.182024-05-02
CVE-2024-4156 [MEDIUM] CWE-79 CVE-2024-4156: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’ parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac
nvd
CVE-2024-4003P4MEDIUMCVSS 5.4fixed in 5.9.162024-05-02
CVE-2024-4003 [MEDIUM] CWE-20 CVE-2024-4003: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping. This ma
nvd
CVE-2024-4624P4MEDIUMCVSS 5.4fixed in 5.9.212024-05-14
CVE-2024-4624 [MEDIUM] CWE-79 CVE-2024-4624: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att
nvd
CVE-2024-5189P4MEDIUMCVSS 5.4fixed in 5.9.242024-06-11
CVE-2024-5189 [MEDIUM] CWE-79 CVE-2024-5189: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi
nvd
CVE-2024-7092P4MEDIUMCVSS 5.4≤ 5.9.272024-08-13
CVE-2024-7092 [MEDIUM] CWE-79 CVE-2024-7092: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta
nvd
CVE-2024-5073P4MEDIUMCVSS 5.4fixed in 5.9.222024-05-30
CVE-2024-5073 [MEDIUM] CWE-79 CVE-2024-5073: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w
nvd
CVE-2024-5188P4MEDIUMCVSS 5.4fixed in 5.9.232024-06-06
CVE-2024-5188 [MEDIUM] CWE-79 CVE-2024-5188: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticat
nvd
CVE-2024-5612P4MEDIUMCVSS 5.4fixed in 5.8.162024-06-07
CVE-2024-5612 [MEDIUM] CWE-79 CVE-2024-5612: The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scrip
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Cont
nvd
CVE-2024-9993P4MEDIUMCVSS 5.4fixed in 6.1.132025-06-07
CVE-2024-9993 [MEDIUM] CWE-79 CVE-2024-9993: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Bu
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user su
nvd
CVE-2024-9994P4MEDIUMCVSS 5.4fixed in 6.1.132025-06-07
CVE-2024-9994 [MEDIUM] CWE-79 CVE-2024-9994: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Bu
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escapi
nvd