ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Information

Software Type Plugin
Software Slug elementskit-lite (view on wordpress.org)
Software Status Active
Software Author roxnor
Software Website wpmet.com
Software Downloads 50,110,660
Software Active Installs 1,000,000
Software Record Last Updated June 18, 2026

Showing 1-20 of 26 Vulnerabilities

Submit a Vulnerability
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor <= 3.9.6 - Missing Authorization
4.3
CVE-2026-49052
May 27, 2026
Researcher: Bonds
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor <= 3.9.6 - Missing Authorization
5.3
CVE-2026-49053
May 27, 2026
Researcher: Bonds
ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite
6.5
CVE-2026-4362
May 4, 2026
Researcher: Jack Pas (Dark.)
ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget
6.4
CVE-2026-2600
Apr 3, 2026
Researcher: iwd - Prysm Sec
ElementsKit Elementor addons Lite < 3.7.9 - Missing Authorization
5.3
CVE-2026-23693
Feb 24, 2026
Researcher: Rahul Karne
ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget
6.4
CVE-2025-3614
Jul 24, 2025
Researcher: Hardik Raval
ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
6.4
CVE-2025-4479
Jun 18, 2025
Researcher: Asaf Mozes
ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-11180
Mar 28, 2025
Researcher: zer0gh0st
ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function
5.3
CVE-2025-0968
Feb 18, 2025
Researcher: stealthcopter
ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
6.4
CVE-2025-1005
Feb 14, 2025
Researcher: Webbernaut
ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
6.4
CVE-2024-10091
Oct 25, 2024
Researcher: zer0gh0st
ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget
6.4
CVE-2024-8546
Sep 24, 2024
Researcher: zer0gh0st
ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function
5.3
CVE-2024-6455
Jul 18, 2024
Researcher: stealthcopter
Elements kit Elementor addons <= 3.1.4 - Missing Authorization
5.3
CVE-2024-37255
Jun 27, 2024
Researcher: Rafie Muhammad
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
6.4
CVE-2024-3650
Apr 30, 2024
Researcher: wesley (wcraft)
ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module
8.8
CVE-2024-3499
Apr 22, 2024
Researcher: Webbernaut
ElementsKit Elementor addons Lite <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-32505
Apr 15, 2024
Researcher: Ngô Thiên An (ancorn_)
ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
6.4
CVE-2024-2803
Apr 3, 2024
Researcher: Webbernaut
ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1238
Mar 29, 2024
Researcher: wesley (wcraft)
ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw
8.8
CVE-2024-2047
Mar 29, 2024
Researcher: wesley (wcraft)
Title Status CVE ID CVSS Researchers Date
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor <= 3.9.6 - Missing Authorization Patched CVE-2026-49052 4.3 Bonds May 27, 2026
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor <= 3.9.6 - Missing Authorization Patched CVE-2026-49053 5.3 Bonds May 27, 2026
ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite Patched CVE-2026-4362 6.5 Jack Pas (Dark.) May 4, 2026
ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget Patched CVE-2026-2600 6.4 iwd - Prysm Sec April 3, 2026
ElementsKit Elementor addons Lite < 3.7.9 - Missing Authorization Patched CVE-2026-23693 5.3 Rahul Karne February 24, 2026
ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget Patched CVE-2025-3614 6.4 Hardik Raval July 24, 2025
ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget Patched CVE-2025-4479 6.4 Asaf Mozes June 18, 2025
ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-11180 6.4 zer0gh0st March 28, 2025
ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function Patched CVE-2025-0968 5.3 stealthcopter February 18, 2025
ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget Patched CVE-2025-1005 6.4 Webbernaut February 14, 2025
ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget Patched CVE-2024-10091 6.4 zer0gh0st October 25, 2024
ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget Patched CVE-2024-8546 6.4 zer0gh0st September 24, 2024
ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function Patched CVE-2024-6455 5.3 stealthcopter July 18, 2024
Elements kit Elementor addons <= 3.1.4 - Missing Authorization Patched CVE-2024-37255 5.3 Rafie Muhammad June 27, 2024
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget Patched CVE-2024-3650 6.4 wesley (wcraft) April 30, 2024
ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module Patched CVE-2024-3499 8.8 Webbernaut April 22, 2024
ElementsKit Elementor addons Lite <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-32505 6.4 Ngô Thiên An (ancorn_) April 15, 2024
ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Patched CVE-2024-2803 6.4 Webbernaut April 3, 2024
ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-1238 6.4 wesley (wcraft) March 29, 2024
ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw Patched CVE-2024-2047 8.8 wesley (wcraft) March 29, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation