Elementor Addons by Livemesh

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Elementor Addons by Livemesh

Information

Software Type Plugin
Software Slug addons-for-elementor (view on wordpress.org)
Software Status Active
Software Author livemesh
Software Website livemeshelementor.com
Software Downloads 3,827,901
Software Active Installs 60,000
Software Record Last Updated May 19, 2024

15 Vulnerabilities

Livemesh Addons for Elementor <= 6.7.1- Contributor+ Stored Cross-Site Scripting
5.4
CVE-2021-24260
Apr 13, 2021
Researcher: Ram
Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
5.5
CVE-2022-3862
Nov 21, 2022
Researcher: zhangyunpei
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
6.1
CVE-2023-33999
Jul 18, 2023
Researcher: Rafie Muhammad
Freemius SDK <= 2.4.2 - Missing Authorization Checks
6.3
CVE ID Unknown
Mar 4, 2022
Researchers:
Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
6.4
CVE-2024-2655
Apr 9, 2024
Researcher: stealthcopter
Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute
6.4
CVE-2024-2539
Apr 9, 2024
Researcher: Ngô Thiên An (ancorn_)
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget
6.4
CVE-2024-1466
Mar 13, 2024
Researcher: Drian
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget
6.4
CVE-2024-1465
Mar 13, 2024
Researcher: RandomRoot
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget
6.4
CVE-2024-1464
Mar 13, 2024
Researcher: 0liveira
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget
6.4
CVE-2024-1461
Mar 13, 2024
Researcher: Nikolas
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget
6.4
CVE-2024-1458
Mar 13, 2024
Researcher: wesley (wcraft)
Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class
6.4
CVE-2024-25598
Feb 12, 2024
Researcher: Abu Hurayra
Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1235
Feb 7, 2024
Researcher: Webbernaut
Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-0448
Jan 25, 2024
Researcher: Webbernaut
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update
8.8
CVE ID Unknown
Feb 25, 2019
Researchers:
Title Status CVE ID CVSS Researchers Date
Livemesh Addons for Elementor <= 6.7.1- Contributor+ Stored Cross-Site Scripting Patched CVE-2021-24260 5.4 Ram April 13, 2021
Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2022-3862 5.5 zhangyunpei November 21, 2022
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get Patched CVE-2023-33999 6.1 Rafie Muhammad July 18, 2023
Freemius SDK <= 2.4.2 - Missing Authorization Checks Patched 6.3 March 4, 2022
Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name Patched CVE-2024-2655 6.4 stealthcopter April 9, 2024
Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute Patched CVE-2024-2539 6.4 Ngô Thiên An (ancorn_) April 9, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget Patched CVE-2024-1466 6.4 Drian March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget Patched CVE-2024-1465 6.4 RandomRoot March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget Patched CVE-2024-1464 6.4 0liveira March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget Patched CVE-2024-1461 6.4 Nikolas March 13, 2024
Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget Patched CVE-2024-1458 6.4 wesley (wcraft) March 13, 2024
Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class Patched CVE-2024-25598 6.4 Abu Hurayra February 12, 2024
Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-1235 6.4 Webbernaut February 7, 2024
Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-0448 6.4 Webbernaut January 25, 2024
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update Patched 8.8 February 25, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation