Elementor Addons by Livemesh

Information

Software Type Plugin
Software Slug addons-for-elementor (view on wordpress.org)
Software Status Active
Software Author livemesh
Software Website livemeshelementor.com
Software Downloads 3,933,062
Software Active Installs 60,000
Software Record Last Updated October 14, 2024

20 Vulnerabilities

6.3
CVE ID Unknown
Mar 4, 2022
Researchers:
Title Status CVE ID CVSS Researchers Date
Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter Patched CVE-2024-8858 6.4 stealthcopter September 24, 2024
Elementor Addons by Livemesh <= 8.4 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets Patched CVE-2024-2385 8.8 wesley (wcraft) July 3, 2024
Elementor Addons by Livemesh <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider Widgets Patched CVE-2024-3638 6.4 Webbernaut July 3, 2024
Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets Patched CVE-2024-2926 6.4 wesley (wcraft) July 3, 2024
Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid Patched CVE-2024-3639 6.4 Ngô Thiên An (ancorn_) July 3, 2024
Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute Patched CVE-2024-2539 6.4 Ngô Thiên An (ancorn_) April 9, 2024
Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name Patched CVE-2024-2655 6.4 stealthcopter April 9, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget Patched CVE-2024-1464 6.4 0liveira March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget Patched CVE-2024-1458 6.4 wesley (wcraft) March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget Patched CVE-2024-1461 6.4 Nikolas March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget Patched CVE-2024-1465 6.4 RandomRoot March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget Patched CVE-2024-1466 6.4 Drian March 13, 2024
Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class Patched CVE-2024-25598 6.4 Abu Hurayra February 12, 2024
Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-1235 6.4 Webbernaut February 7, 2024
Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-0448 6.4 Webbernaut January 25, 2024
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get Patched CVE-2023-33999 6.1 Rafie Muhammad July 18, 2023
Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2022-3862 5.5 zhangyunpei November 21, 2022
Freemius SDK <= 2.4.2 - Missing Authorization Checks Patched 6.3 March 4, 2022
Livemesh Addons for Elementor <= 6.7.1- Contributor+ Stored Cross-Site Scripting Patched CVE-2021-24260 5.4 Ram April 13, 2021
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update Patched 8.8 February 25, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation