Wpvibes Addon Elements For Elementor (Formerly Elementor Addon Elements)

21 CVEs affecting Wpvibes Addon Elements For Elementor (Formerly Elementor Addon Elements). Latest disclosed: 2025-12-14. Critical: 0, High: 1.

Top CVEs affecting Wpvibes Addon Elements For Elementor (Formerly Elementor Addon Elements)
CVESeverityScorePublishedSummary
CVE-2024-1358High8.82024-03-13The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. T…
CVE-2025-12537Medium6.42025-12-14The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to…
CVE-2024-7122Medium6.42024-08-30The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13…
CVE-2024-4401Medium6.42024-08-30The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versio…
CVE-2024-4570Medium6.42024-06-27The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5…
CVE-2024-4569Medium6.42024-06-27The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5…
CVE-2024-3743Medium6.42024-05-02The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, In…
CVE-2024-2792Medium6.42024-04-09The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to…
CVE-2024-1422Medium6.42024-03-13The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up t…
CVE-2024-1393Medium6.42024-03-13The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in…
CVE-2024-1392Medium6.42024-03-13The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in al…
CVE-2024-1391Medium6.42024-03-13The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail…
CVE-2022-4974Medium6.32024-10-16The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to…
CVE-2024-2092Medium5.42024-06-12The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and inclu…
CVE-2024-2091Medium5.42024-03-28The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1…
CVE-2023-4690Medium5.42023-11-15The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing…
CVE-2023-4689Medium5.42023-11-15The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing…
CVE-2023-4723Medium5.32023-11-15The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_pos…
CVE-2023-5381Medium4.42023-11-15The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due…
CVE-2024-13215Medium4.32025-01-15The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render…