ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor, with AI-generated Chinese analysis, references, and POCs.

Vendor: roxnor

CVE ID	Title	CVSS	Severity	Published
CVE-2026-4362	ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite CWE-862	6.5	Medium	2026-05-05
CVE-2026-2600	ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget CWE-79	6.4	Medium	2026-04-04
CVE-2026-23693	ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint CWE-306	10.0	Critical	2026-02-23
CVE-2025-3614	ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget CWE-79	6.4	Medium	2025-07-24
CVE-2025-4479	ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget CWE-79	6.4	Medium	2025-06-19
CVE-2024-11180	ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2025-03-29
CVE-2025-0968	ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function CWE-284	5.3	Medium	2025-02-19
CVE-2025-1005	ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget CWE-79	6.4	Medium	2025-02-15
CVE-2024-10091	ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget CWE-79	6.4	Medium	2024-10-26
CVE-2024-8546	ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget CWE-79	6.4	Medium	2024-09-25
CVE-2024-6455	ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function CWE-200	5.3	Medium	2024-07-18
CVE-2024-3499	ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module CWE-98	8.8	High	2024-05-02
CVE-2024-2803	ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79	6.4	Medium	2024-04-04
CVE-2024-1238	ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2024-03-30
CVE-2024-2047	ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw CWE-98	8.8	High	2024-03-30
CVE-2024-2042	ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget CWE-79	6.4	Medium	2024-03-16
CVE-2023-6525	ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting CWE-79	5.5	Medium	2024-03-16
CVE-2024-1239	ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2024-03-16
CVE-2023-6582	ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure CWE-284	5.3	Medium	2024-01-11

All 19 known CVE vulnerabilities affecting ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor — Vulnerabilities & Security Advisories 19