Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive overview of security vulnerabilities associated with ElementsKit Elementor Addons, an advanced widget and template addon suite for the Elementor page builder. The content focuses specifically on common weakness categories, including cross-site scripting, authorization bypasses, and insecure direct object references that may affect user data integrity and site security. This aggregation collects reported vulnerabilities covering a time range from the initial release of the addon to the present day, ensuring a historical perspective on the product's security posture. Readers can utilize this resource to track vendor advisories and security updates from the ElementsKit team, understand specific weakness classes such as injection flaws or path traversal issues within the context of WordPress environments, and look up a product's vulnerability history to assess long-term maintenance quality. By centralizing this information, users gain transparency into past security incidents and can make informed decisions about their reliance on third-party plugins. The data is structured to help developers and site administrators identify recurring patterns in coding errors, evaluate the responsiveness of the vendor to critical patches, and compare this addon’s track record against similar tools in the Elementor ecosystem. This approach supports proactive security management by highlighting areas where improvements have been made or where persistent risks remain unresolved, allowing stakeholders to implement appropriate mitigation strategies and monitor future advisories effectively.

Vendor: roxnor

CVE IDTitleCVSSSeverityPublished
CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite CWE-862 6.5 Medium2026-05-05
CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget CWE-79 6.4 Medium2026-04-04
CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint CWE-306 10.0 Critical2026-02-23
CVE-2025-3614 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget CWE-79 6.4 Medium2025-07-24
CVE-2025-4479 ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget CWE-79 6.4 Medium2025-06-19
CVE-2024-11180 ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-03-29
CVE-2025-0968 ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function CWE-284 5.3 Medium2025-02-19
CVE-2025-1005 ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget CWE-79 6.4 Medium2025-02-15
CVE-2024-10091 ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget CWE-79 6.4 Medium2024-10-26
CVE-2024-8546 ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget CWE-79 6.4 Medium2024-09-25
CVE-2024-6455 ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function CWE-200 5.3 Medium2024-07-18
CVE-2024-3499 ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module CWE-98 8.8 High2024-05-02
CVE-2024-2803 ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2024-04-04
CVE-2024-1238 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-30
CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw CWE-98 8.8 High2024-03-30
CVE-2024-2042 ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget CWE-79 6.4 Medium2024-03-16
CVE-2023-6525 ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting CWE-79 5.5 Medium2024-03-16
CVE-2024-1239 ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-16
CVE-2023-6582 ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure CWE-284 5.3 Medium2024-01-11

All 19 known CVE vulnerabilities affecting ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor with full Chinese analysis, references, and POCs where available.