🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Information

Software Type	Plugin
Software Slug	magical-addons-for-elementor (view on wordpress.org)
Software Status	Active
Software Author	nalam-1
Software Downloads	151,229
Software Active Installs	5,000
Software Record Last Updated	July 27, 2024

5 Vulnerabilities

Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVE-2024-38730

Jul 11, 2024

Researcher: Majed Refaea

Magical Addons For Elementor <= 1.1.41 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-38681

Jul 10, 2024

Researcher: SouzaZinn

Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-5161

Jun 5, 2024

Researcher: stealthcopter

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

4.3

CVE-2024-34547

May 7, 2024

Researcher: Khalid

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget

6.4

CVE-2024-2923

May 6, 2024

Researcher: João G. Barbosa (4rCanJ0x!)

Title	Status	CVE ID	CVSS	Researchers	Date
Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery	Patched	CVE-2024-38730	6.4	Majed Refaea	July 11, 2024
Magical Addons For Elementor <= 1.1.41 - Authenticated (Contributor+) Stored Cross-Site Scripting	Unpatched	CVE-2024-38681	6.4	SouzaZinn	July 10, 2024
Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-5161	6.4	stealthcopter	June 5, 2024
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-34547	4.3	Khalid	May 7, 2024
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget	Patched	CVE-2024-2923	6.4	João G. Barbosa (4rCanJ0x!)	May 6, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation