Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Premium Addons for Elementor – Powerful Elementor Templates & Widgets — Vulnerabilities & Security Advisories 27

All 27 CVE vulnerabilities found in Premium Addons for Elementor – Powerful Elementor Templates & Widgets, with AI-generated Chinese analysis, references, and POCs.

Vendor: leap13

CVE IDTitleCVSSSeverityPublished
CVE-2025-14163 Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template' CWE-352 4.3 Medium2025-12-23
CVE-2025-14155 Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' CWE-862 5.3 Medium2025-12-23
CVE-2024-11937 Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-07-04
CVE-2025-4774 Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2025-06-10
CVE-2024-10266 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget CWE-79 6.4 Medium2024-10-29
CVE-2021-4445 Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update CWE-862 6.5 Medium2024-10-16
CVE-2024-8681 Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget CWE-79 6.4 Medium2024-09-27
CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update CWE-862 4.3 Medium2024-08-08
CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget CWE-79 6.4 Medium2024-07-12
CVE-2024-6434 Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service CWE-400 3.1 Low2024-07-04
CVE-2024-6340 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2024-07-03
CVE-2024-5553 Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 4.4 Medium2024-06-12
CVE-2024-4376 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget CWE-79 6.4 Medium2024-05-31
CVE-2024-4379 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip CWE-79 5.4 Medium2024-05-31
CVE-2024-4205 Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure CWE-862 4.3 Medium2024-05-31
CVE-2024-4378 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider CWE-79 6.4 Medium2024-05-23
CVE-2024-4203 Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 5.4 Medium2024-05-02
CVE-2024-3647 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' CWE-79 6.4 Medium2024-05-02
CVE-2024-3885 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-02
CVE-2024-2666 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 5.4 Medium2024-04-10
CVE-2024-2665 Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button CWE-79 6.4 Medium2024-04-10
CVE-2024-2664 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-10
CVE-2024-0376 Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-2399 Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-15
CVE-2024-1680 Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets CWE-79 6.4 Medium2024-03-13
CVE-2024-0326 Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper CWE-79 6.4 Medium2024-03-13
CVE-2024-1242 Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-02-20

All 27 known CVE vulnerabilities affecting Premium Addons for Elementor – Powerful Elementor Templates & Widgets with full Chinese analysis, references, and POCs where available.