Wpvibes Addon Elements For Elementor (Formerly Elementor Addon Elements)
21 CVEs affecting Wpvibes Addon Elements For Elementor (Formerly Elementor Addon Elements). Latest disclosed: 2025-12-14. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1358 | High | 8.8 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. T… |
CVE-2025-12537 | Medium | 6.4 | 2025-12-14 | The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to… |
CVE-2024-7122 | Medium | 6.4 | 2024-08-30 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13… |
CVE-2024-4401 | Medium | 6.4 | 2024-08-30 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versio… |
CVE-2024-4570 | Medium | 6.4 | 2024-06-27 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5… |
CVE-2024-4569 | Medium | 6.4 | 2024-06-27 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5… |
CVE-2024-3743 | Medium | 6.4 | 2024-05-02 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, In… |
CVE-2024-2792 | Medium | 6.4 | 2024-04-09 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to… |
CVE-2024-1422 | Medium | 6.4 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up t… |
CVE-2024-1393 | Medium | 6.4 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in… |
CVE-2024-1392 | Medium | 6.4 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in al… |
CVE-2024-1391 | Medium | 6.4 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |
CVE-2024-2092 | Medium | 5.4 | 2024-06-12 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and inclu… |
CVE-2024-2091 | Medium | 5.4 | 2024-03-28 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1… |
CVE-2023-4690 | Medium | 5.4 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing… |
CVE-2023-4689 | Medium | 5.4 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing… |
CVE-2023-4723 | Medium | 5.3 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_pos… |
CVE-2023-5381 | Medium | 4.4 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due… |
CVE-2024-13215 | Medium | 4.3 | 2025-01-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render… |