Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Premium Addons for Elementor — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting Premium Addons for Elementor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Premium Addons for Elementor is a WordPress plugin extending Elementor's functionality with widgets and templates. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), privilege escalation, and authentication bypass vulnerabilities. The plugin has accumulated seven CVEs, reflecting persistent security challenges. Notable incidents include a critical RCE vulnerability in versions before 4.9.33 that allowed unauthenticated attackers to execute arbitrary code, and multiple XSS flaws enabling malicious script injection. These vulnerabilities highlight the risks of maintaining complex third-party extensions in WordPress environments, where security updates are crucial for preventing potential compromises.

Top products by Premium Addons for Elementor: Premium Addons Pro for Elementor Premium Addons PRO
CVE IDTitleCVSSSeverityPublished
CVE-2024-2000 Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget — Premium Addons Pro for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-2238 Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module — Premium Addons Pro for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-1996 Premium Addons for Elementor PRO <= 2.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget link — Premium Addons Pro for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-1997 Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget — Premium Addons Pro for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-2237 Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module — Premium Addons Pro for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-2239 Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module — Premium Addons Pro for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2023-34012 WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS) — Premium Addons PROCWE-79 7.1 High2023-06-23

This page lists every published CVE security advisory associated with Premium Addons for Elementor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.