CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24595 – WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24595
24 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins All Embed – Elementor Addons allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through 1.1.3. The All Embed – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access... • https://patchstack.com/database/wordpress/plugin/all-embed-addons-for-elementor/vulnerability/wordpress-all-embed-elementor-addons-plugin-1-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24618 – WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-24618
24 Jan 2025 — Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Contributor-level acc... • https://patchstack.com/database/wordpress/plugin/elementinvader-addons-for-elementor/vulnerability/wordpress-elementinvader-addons-for-elementor-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24725 – WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-24725
24 Jan 2025 — Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8. The Thim Elementor Kit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/thim-elementor-kit/vulnerability/wordpress-thim-elementor-kit-plugin-1-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24729 – WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24729
24 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3. The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/wordpress/plugin/elementinvader-addons-for-elementor/vulnerability/wordpress-elementinvader-addons-for-elementor-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22758 – WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22758
14 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aiwp Elementor AI Addons allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through 2.2.1. The Elementor AI Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitra... • https://patchstack.com/database/wordpress/plugin/ai-addons-for-elementor/vulnerability/wordpress-elementor-ai-addons-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22786 – WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-22786
13 Jan 2025 — Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any ... • https://patchstack.com/database/wordpress/plugin/elementinvader-addons-for-elementor/vulnerability/wordpress-elementinvader-addons-for-elementor-plugin-1-2-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-35: Path Traversal: '.../...//' CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22500 – WordPress Alpha Price Table For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22500
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8. The Alpha Price Table For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-le... • https://patchstack.com/database/wordpress/plugin/alpha-price-table-for-elementor/vulnerability/wordpress-alpha-price-table-for-elementor-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22811 – WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22811
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS.This issue affects MT Addons for Elementor: from n/a through 1.0.6. The MT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to... • https://patchstack.com/database/wordpress/plugin/mt-addons-for-elementor/vulnerability/wordpress-mt-addons-for-elementor-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22812 – WordPress News Ticker Widget for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22812
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS.This issue affects News Ticker Widget for Elementor: from n/a through 1.3.2. The News Ticker Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-... • https://patchstack.com/database/wordpress/plugin/news-ticker-widget-for-elementor/vulnerability/wordpress-news-ticker-widget-for-elementor-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22312 – WordPress Thim Elementor Kit plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22312
06 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through 1.2.8. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en ThimPress Thim Elementor Kit permite XSS basado en DOM. Este problema afecta a Thim Elementor Kit: desde n/a hasta 1.2.8. The Thim Elementor Kit plugin for WordPress is vulne... • https://patchstack.com/database/wordpress/plugin/thim-elementor-kit/vulnerability/wordpress-thim-elementor-kit-plugin-1-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •