Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Addon Elements for Elementor (formerly Elementor Addon Elements) — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Addon Elements for Elementor (formerly Elementor Addon Elements), with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities affecting Addon Elements for Elementor, formerly known as Elementor Addon Elements, categorized as a WordPress plugin weakness. The collection includes various vulnerability types such as cross-site scripting, broken access control, and improper input validation discovered between 2020 and 2024. Users can track vendor security advisories to understand how the development team responds to disclosed issues, analyze specific weakness classes to grasp the technical nature of the flaws, and review the product's complete vulnerability history to assess its long-term security posture. This aggregation serves as a neutral reference for developers, security researchers, and site administrators who need to evaluate the risk associated with this specific Elementor add-on. By consolidating data from multiple sources, the page provides a comprehensive view of past incidents without endorsing or criticizing the vendor. It aims to facilitate informed decision-making regarding plugin updates and security audits. The information presented here is strictly factual, focusing on the existence, classification, and resolution status of reported security issues. There is no promotional content or speculative analysis included in this summary. The goal is to offer a clear, accessible, and accurate record of security events related to Addon Elements for Elementor, enabling users to make better-informed choices about their website infrastructure and maintenance practices.

Vendor: wpvibes

CVE IDTitleCVSSSeverityPublished
CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-12-14
CVE-2024-13215 Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup CWE-359 4.3 Medium2025-01-15
CVE-2024-8902 Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections CWE-200 4.3 Medium2024-10-12
CVE-2024-7122 Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CWE-79 6.4 Medium2024-08-30
CVE-2024-4401 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters CWE-79 6.4 Medium2024-08-30
CVE-2024-4570 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-06-27
CVE-2024-4569 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-06-27
CVE-2024-2092 Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget CWE-79 5.4 Medium2024-06-12
CVE-2024-3743 Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-02
CVE-2024-2792 Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-2091 Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 5.4 Medium2024-03-28
CVE-2024-1393 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget CWE-79 6.4 Medium2024-03-13
CVE-2024-1391 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget CWE-79 6.4 Medium2024-03-13
CVE-2024-1422 Elementor Addon Elements <= 1.12.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet CWE-79 6.4 Medium2024-03-13
CVE-2024-1392 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget CWE-79 6.4 Medium2024-03-13
CVE-2024-1358 Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion CWE-22 8.8 High2024-03-13
CVE-2023-5381 Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CWE-79 4.4 Medium2023-11-15
CVE-2023-4690 Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery CWE-352 5.4 Medium2023-11-15
CVE-2023-4689 Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery CWE-352 5.4 Medium2023-11-15
CVE-2023-4723 Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure CWE-862 5.3 Medium2023-11-15

All 20 known CVE vulnerabilities affecting Addon Elements for Elementor (formerly Elementor Addon Elements) with full Chinese analysis, references, and POCs where available.