Leap13

By the Year

In 2026 there have been 1 vulnerability in Leap13 with an average score of 5.4 out of ten. Last year, in 2025 Leap13 had 6 security vulnerabilities published. Right now, Leap13 is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.58

Recent Leap13 Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-69300	Jan 22, 2026	Missing Auth in Premium Addons for Elementor <=4.11.63 Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.	Premium Addons For Elementor
CVE-2025-68494	Dec 24, 2025	Leap13 Premium Addons for Elementor <=4.11.53: Sensitive Info Leak (Elementor Premium Addons) Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.	Premium Addons For Elementor
CVE-2025-14163	Dec 23, 2025	Premium Addons for Elementor 4.11.53 CSRF allows arbitrary template creation The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary Elementor templates via a forged request granted they can trick a site administrator or other user with the edit_posts capability into performing an action such as clicking on a link.	Premium Addons
CVE-2025-14155	Dec 23, 2025	Premium Addons for Elementor <4.11.53 Unauth Data Access via get_template_content The Premium Addons for Elementor Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to view the content of private, draft, and pending templates.	Premium Addons
CVE-2024-11937	Jul 04, 2025	Premium Addons Elementor v4.10.69: Stored XSS via Mobile Menu linkURL The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	Premium Addons For Elementor Premium Addons
CVE-2025-4774	Jun 10, 2025	Premium Addons for Elementor 4.11.8: Stored XSS via Countdown widget The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	Premium Addons For Elementor Premium Addons
CVE-2024-56245	Jan 02, 2025	WP Stored XSS in Leap13 Premium Blocks <=2.1.42 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks Gutenberg Blocks for WordPress premium-blocks-for-gutenberg allows Stored XSS.This issue affects Premium Blocks Gutenberg Blocks for WordPress: from n/a through <= 2.1.42.	Premium Blocks For Gutenberg
CVE-2024-56225	Dec 31, 2024	Leap13 Premium Addons for Elementor: Missing Authorization Vulnerability Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.56.	Premium Addons For Elementor
CVE-2024-10266	Oct 29, 2024	Stored XSS in Premium Addons for Elementor Video Box v4.10.60 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	Premium Addons For Elementor Premium Addons
CVE-2021-4445	Oct 16, 2024	WordPress Premium Addons for Elementor <=4.5.1 Arbitrary Option Update The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.	Premium Addons For Elementor Premium Addons