🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Information

Software Type	Plugin
Software Slug	essential-addons-for-elementor-lite (view on wordpress.org)
Software Status	Active
Software Author	wpdevteam
Software Website	essential-addons.com
Software Downloads	74,060,880
Software Active Installs	2,000,000
Software Record Last Updated	May 18, 2024

Showing 1-20 of 31 Vulnerabilities

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-4624

May 13, 2024

Researcher: wesley (wcraft)

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'

6.5

CVE-2024-4448

May 9, 2024

Researcher: stealthcopter

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles'

6.4

CVE-2024-4275

May 9, 2024

Researcher: Ngô Thiên An (ancorn_)

Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets

6.4

CVE-2024-4449

May 9, 2024

Researcher: Webbernaut

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-4156

Apr 30, 2024

Researcher: wesley (wcraft)

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure

5.3

CVE-2024-3733

Apr 24, 2024

Researcher: Webbernaut

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle

6.4

CVE-2024-3728

Apr 24, 2024

Researcher: stealthcopter

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-4003

Apr 24, 2024

Researcher: Ngô Thiên An (ancorn_)

Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute

6.4

CVE-2024-3333

Apr 16, 2024

Researcher: Ngô Thiên An (ancorn_)

Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword

8.8

CVE-2024-3018

Mar 29, 2024

Researcher: Ngô Thiên An (ancorn_)

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-2974

Mar 29, 2024

Researcher: Ankit Patel

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-2650

Mar 25, 2024

Researchers: Ngô Thiên An (ancorn_), ST

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-2623

Mar 25, 2024

Researcher: Webbernaut

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table

6.4

CVE-2024-1537

Mar 11, 2024

Researcher: wesley (wcraft)

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar

7.4

CVE-2024-1536

Mar 11, 2024

Researcher: Webbernaut

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery

5.4

CVE-2024-1171

Feb 12, 2024

Researcher: Nikolas

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion

5.4

CVE-2024-1172

Feb 12, 2024

Researcher: wesley (wcraft)

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-1276

Feb 12, 2024

Researcher: RandomRoot

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-1236

Feb 12, 2024

Researcher: Webbernaut

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-0954

Feb 1, 2024

Researcher: Webbernaut

Title	Status	CVE ID	CVSS	Researchers	Date
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-4624	6.4	wesley (wcraft)	May 13, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'	Patched	CVE-2024-4448	6.5	stealthcopter	May 9, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles'	Patched	CVE-2024-4275	6.4	Ngô Thiên An (ancorn_)	May 9, 2024
Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets	Patched	CVE-2024-4449	6.4	Webbernaut	May 9, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-4156	6.4	wesley (wcraft)	April 30, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure	Patched	CVE-2024-3733	5.3	Webbernaut	April 24, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle	Patched	CVE-2024-3728	6.4	stealthcopter	April 24, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-4003	6.4	Ngô Thiên An (ancorn_)	April 24, 2024
Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute	Patched	CVE-2024-3333	6.4	Ngô Thiên An (ancorn_)	April 16, 2024
Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword	Patched	CVE-2024-3018	8.8	Ngô Thiên An (ancorn_)	March 29, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure	Patched	CVE-2024-2974	5.3	Ankit Patel	March 29, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-2650	6.4	Ngô Thiên An (ancorn_), ST	March 25, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-2623	6.4	Webbernaut	March 25, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table	Patched	CVE-2024-1537	6.4	wesley (wcraft)	March 11, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar	Patched	CVE-2024-1536	7.4	Webbernaut	March 11, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery	Patched	CVE-2024-1171	5.4	Nikolas	February 12, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion	Patched	CVE-2024-1172	5.4	wesley (wcraft)	February 12, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-1276	6.4	RandomRoot	February 12, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-1236	6.4	Webbernaut	February 12, 2024
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-0954	6.4	Webbernaut	February 1, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation