Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Premium Addons for Elementor – Powerful Elementor Templates & Widgets — Vulnerabilities & Security Advisories 28

All 28 CVE vulnerabilities found in Premium Addons for Elementor – Powerful Elementor Templates & Widgets, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive collection of security vulnerabilities and weaknesses identified in Premium Addons for Elementor, a popular WordPress plugin developed by Brickscape. It aggregates data regarding various weakness classes including cross-site scripting, broken access control, and injection flaws that may affect the integrity and confidentiality of websites utilizing this tool. The content covers vulnerability reports and advisories spanning from the plugin's initial release through recent updates up to 2024, ensuring a historical perspective on its security posture. Here, security professionals and website administrators can track the vendor’s response to critical issues and understand the specific nature of each weakness class affecting the software. Users can also look up the complete vulnerability history of Premium Addons for Elementor to assess risk levels and prioritize remediation efforts. This resource serves as a centralized repository for understanding the security landscape of this specific product, allowing for informed decision-making regarding plugin usage and maintenance. By examining past incidents and disclosed flaws, stakeholders can better evaluate the reliability of the vendor and the potential impact on their digital infrastructure. The information is organized to facilitate easy retrieval of details without requiring external searches or complex navigation. This approach supports transparency in cybersecurity by making vulnerability data accessible to all relevant parties involved in website management. It aims to promote proactive security practices by highlighting areas of concern that require immediate attention or long-term mitigation strategies.

Vendor: leap13

CVE IDTitleCVSSSeverityPublished
CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter CWE-79 5.4 Medium2026-05-02
CVE-2025-14163 Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template' CWE-352 4.3 Medium2025-12-23
CVE-2025-14155 Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' CWE-862 5.3 Medium2025-12-23
CVE-2024-11937 Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-07-04
CVE-2025-4774 Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2025-06-10
CVE-2024-10266 Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget CWE-79 6.4 Medium2024-10-29
CVE-2021-4445 Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update CWE-862 6.5 Medium2024-10-16
CVE-2024-8681 Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget CWE-79 6.4 Medium2024-09-27
CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update CWE-862 4.3 Medium2024-08-08
CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget CWE-79 6.4 Medium2024-07-12
CVE-2024-6434 Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service CWE-400 3.1 Low2024-07-04
CVE-2024-6340 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CWE-79 6.4 Medium2024-07-03
CVE-2024-5553 Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 4.4 Medium2024-06-12
CVE-2024-4379 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip CWE-79 5.4 Medium2024-05-31
CVE-2024-4376 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget CWE-79 6.4 Medium2024-05-31
CVE-2024-4205 Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure CWE-862 4.3 Medium2024-05-31
CVE-2024-4378 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider CWE-79 6.4 Medium2024-05-23
CVE-2024-4203 Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 5.4 Medium2024-05-02
CVE-2024-3647 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' CWE-79 6.4 Medium2024-05-02
CVE-2024-3885 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-02
CVE-2024-2666 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 5.4 Medium2024-04-10
CVE-2024-2665 Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button CWE-79 6.4 Medium2024-04-10
CVE-2024-2664 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-10
CVE-2024-0376 Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-2399 Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-15
CVE-2024-1680 Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets CWE-79 6.4 Medium2024-03-13
CVE-2024-0326 Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper CWE-79 6.4 Medium2024-03-13
CVE-2024-1242 Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-02-20

All 28 known CVE vulnerabilities affecting Premium Addons for Elementor – Powerful Elementor Templates & Widgets with full Chinese analysis, references, and POCs where available.