Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

NicheAddons — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting NicheAddons. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NicheAddons operates as a software vendor specializing in third-party modules and extensions for popular content management systems, primarily targeting WordPress environments. The company’s portfolio has been associated with twenty-four recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. Analysis of these disclosures reveals that the most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation flaws. These issues typically stem from insufficient input validation and inadequate access controls within the add-on codebases. While no single catastrophic data breach has been publicly attributed directly to NicheAddons as a corporate entity, the high volume of CVEs suggests systemic weaknesses in their development and quality assurance processes. Users of these extensions are advised to prioritize regular updates and strict permission management to mitigate the risk of exploitation inherent in these known defect patterns.

Top products by NicheAddons: Events Addon for Elementor Primary Addon for Elementor Restaurant & Cafe Addon for Elementor Medical Addon for Elementor Charity Addon for Elementor Sales Page Addon – Elementor & Beaver Builder Education Addon for Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2025-8150 Events Addon for Elementor <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets — Events Addon for ElementorCWE-79 6.4 Medium2025-08-29
CVE-2025-8212 Medical Addon for Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget — Medical Addon for ElementorCWE-79 6.4 Medium2025-08-02
CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode — Education Addon for ElementorCWE-284 4.3 Medium2025-02-19
CVE-2024-12046 Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode — Medical Addon for ElementorCWE-639 4.3 Medium2025-02-04
CVE-2024-12061 Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure — Events Addon for ElementorCWE-639 4.3 Medium2024-12-18
CVE-2024-54316 WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability — Restaurant & Cafe Addon for ElementorCWE-79 6.5 Medium2024-12-13
CVE-2024-54314 WordPress Primary Addon for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability — Primary Addon for ElementorCWE-79 6.5 Medium2024-12-13
CVE-2024-54315 WordPress Events Addon for Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability — Events Addon for ElementorCWE-79 6.5 Medium2024-12-13
CVE-2023-47826 WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability — Restaurant & Cafe Addon for ElementorCWE-862 6.5 Medium2024-12-09
CVE-2024-12062 Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure — Charity Addon for ElementorCWE-639 4.3 Medium2024-12-03
CVE-2024-10780 Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure — Restaurant & Cafe Addon for ElementorCWE-639 4.3 Medium2024-11-28
CVE-2024-10670 Primary Addon for Elementor <= 1.6.2 - Authenticated (Contributor+) Post Disclosure — Primary Addon for ElementorCWE-639 4.3 Medium2024-11-28
CVE-2024-51938 WordPress Charity Addon for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Charity Addon for ElementorCWE-79 6.5 Medium2024-11-19
CVE-2024-51581 WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerability — Restaurant & Cafe Addon for ElementorCWE-79 6.5 Medium2024-11-10
CVE-2024-51585 WordPress Sales Page Addon plugin <= 1.4.5 - Stored Cross Site Scripting (XSS) vulnerability — Sales Page Addon – Elementor & Beaver BuilderCWE-79 6.5 Medium2024-11-09
CVE-2024-49259 WordPress Primary Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability — Primary Addon for ElementorCWE-79 6.5 Medium2024-10-17
CVE-2024-49264 WordPress Events Addon for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability — Events Addon for ElementorCWE-79 6.5 Medium2024-10-17
CVE-2024-44024 WordPress Medical Addon for Elementor plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability — Medical Addon for ElementorCWE-79 6.5 Medium2024-10-06
CVE-2024-44026 WordPress Charity Addon for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — Charity Addon for ElementorCWE-79 6.5 Medium2024-10-06
CVE-2024-44032 WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability — Restaurant & Cafe Addon for ElementorCWE-79 6.5 Medium2024-10-06
CVE-2024-44033 WordPress Primary Addon for Elementor plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability — Primary Addon for ElementorCWE-79 6.5 Medium2024-10-06
CVE-2024-4669 Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Events Addon for ElementorCWE-79 6.4 Medium2024-06-11
CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Primary Addon for ElementorCWE-79 6.4 Medium2024-05-25
CVE-2023-47827 WordPress Events Addon for Elementor Plugin <= 2.1.3 is vulnerable to Broken Access Control — Events Addon for ElementorCWE-863 6.5 Medium2023-11-30

This page lists every published CVE security advisory associated with NicheAddons. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.