Roxnor Elementskit Elementor Addons – Advanced Widgets & Templates Addons For Elementor
19 CVEs affecting Roxnor Elementskit Elementor Addons – Advanced Widgets & Templates Addons For Elementor. Latest disclosed: 2026-05-05. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-23693 | Critical | 10.0 | 2026-02-23 | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST en… |
CVE-2024-3499 | High | 8.8 | 2024-05-02 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_naviga… |
CVE-2024-2047 | High | 8.8 | 2024-03-30 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw func… |
CVE-2026-4362 | Medium | 6.5 | 2026-05-05 | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action… |
CVE-2026-2600 | Medium | 6.4 | 2026-04-04 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit_tab_title' parameter in the Simp… |
CVE-2025-3614 | Medium | 6.4 | 2025-07-24 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in al… |
CVE-2025-4479 | Medium | 6.4 | 2025-06-19 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's befor… |
CVE-2024-11180 | Medium | 6.4 | 2025-03-29 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title pa… |
CVE-2025-1005 | Medium | 6.4 | 2025-02-15 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up t… |
CVE-2024-10091 | Medium | 6.4 | 2024-10-26 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and i… |
CVE-2024-8546 | Medium | 6.4 | 2024-09-25 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and inc… |
CVE-2024-2803 | Medium | 6.4 | 2024-04-04 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and includin… |
CVE-2024-1238 | Medium | 6.4 | 2024-03-30 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and inclu… |
CVE-2024-2042 | Medium | 6.4 | 2024-03-16 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and in… |
CVE-2024-1239 | Medium | 6.4 | 2024-03-16 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, an… |
CVE-2023-6525 | Medium | 5.5 | 2024-03-16 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up t… |
CVE-2025-0968 | Medium | 5.3 | 2025-02-19 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a mis… |
CVE-2024-6455 | Medium | 5.3 | 2024-07-18 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capabi… |
CVE-2023-6582 | Medium | 5.3 | 2024-01-11 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_… |