cbcvebase.

Wpdeveloper Essential Addons For Elementor vulnerabilities

57 known vulnerabilities affecting wpdeveloper/essential_addons_for_elementor.

Total CVEs
57
CISA KEV
0
Public exploits
2
Exploited in wild
3
Severity breakdown
CRITICAL2HIGH5MEDIUM49LOW1

Vulnerabilities

Page 3 of 3
CVE-2025-6244P4MEDIUMCVSS 5.4fixed in 6.1.202025-07-08
CVE-2025-6244 [MEDIUM] CWE-79 CVE-2025-6244: The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated
nvd
CVE-2024-1171P4MEDIUMCVSS 5.4fixed in 5.9.92024-02-29
CVE-2024-1171 [MEDIUM] CWE-79 CVE-2024-1171: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a
nvd
CVE-2023-7044P4MEDIUMCVSS 5.4≤ 5.9.22024-01-04
CVE-2023-7044 [MEDIUM] CWE-79 CVE-2023-7044: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor acc
nvd
CVE-2024-0954P4MEDIUMCVSS 5.4≤ 5.9.72024-02-05
CVE-2024-0954 [MEDIUM] CWE-79 CVE-2024-0954: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied prot
nvd
CVE-2024-0586P4MEDIUMCVSS 5.4≤ 5.9.42024-02-05
CVE-2024-0586 [MEDIUM] CWE-79 CVE-2024-0586: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for aut
nvd
CVE-2024-0585P4MEDIUMCVSS 5.4≤ 5.9.42024-02-05
CVE-2024-0585 [MEDIUM] CWE-79 CVE-2024-0585: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible fo
nvd
CVE-2024-8440P4MEDIUMCVSS 5.4fixed in 6.0.42024-09-11
CVE-2024-8440 [MEDIUM] CWE-79 CVE-2024-8440: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible
nvd
CVE-2024-8742P4MEDIUMCVSS 5.4fixed in 6.0.42024-09-13
CVE-2024-8742 [MEDIUM] CWE-79 CVE-2024-8742: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Bu The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This m
nvd
CVE-2024-4275P4MEDIUMCVSS 5.4fixed in 5.9.202024-05-14
CVE-2024-4275 [MEDIUM] CWE-79 CVE-2024-4275: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it
nvd
CVE-2024-4449P4MEDIUMCVSS 5.4fixed in 5.9.202024-05-14
CVE-2024-4449 [MEDIUM] CWE-79 CVE-2024-4449: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insuff
nvd
CVE-2024-8961P4MEDIUMCVSS 5.4fixed in 6.0.82024-11-15
CVE-2024-8961 [MEDIUM] CWE-79 CVE-2024-8961: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Bu The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticate
nvd
CVE-2024-39649P4MEDIUMCVSS 5.4≤ 5.9.262024-08-01
CVE-2024-39649 [MEDIUM] CWE-79 CVE-2024-39649: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite.This issue affects Essential Addons for Elementor: from n/a through <= 5.9.26.
nvd
CVE-2024-5086P4MEDIUMCVSS 5.4fixed in 5.8.152024-05-29
CVE-2024-5086 [MEDIUM] CWE-79 CVE-2024-5086: The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Build The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. Th
nvd
CVE-2024-56063P4MEDIUMCVSS 5.4fixed in 6.0.8≤ 6.0.72024-12-31
CVE-2024-56063 [MEDIUM] CWE-79 CVE-2024-56063: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.7.
nvd
CVE-2023-32241P4MEDIUMCVSS 6.1≤ 5.4.82023-08-29
CVE-2023-32241 [MEDIUM] CWE-79 CVE-2023-32241: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Eleme Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.
nvd
CVE-2025-39589P4MEDIUMCVSS 4.3fixed in 6.1.10≤ 6.1.92025-04-16
CVE-2025-39589 [MEDIUM] CWE-497 CVE-2025-39589: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDevelo Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
nvd
CVE-2025-64352P4LOWCVSS 2.7fixed in 6.3.0≤ 6.2.42025-10-31
CVE-2025-64352 [LOW] CWE-862 CVE-2025-64352: Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-f Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.
nvd
Wpdeveloper Essential Addons For Elementor vulnerabilities | cvebase