Posimyth


Products by Posimyth Sorted by Most Security Vulnerabilities since 2018

Posimyth Nexter Extension: 2 vulnerabilities

Posimyth Uichemy: 2 vulnerabilities

Posimyth Nexter: 1 vulnerability

Posimyth Nexter Blocks: 1 vulnerability

Posimyth Wdesignkit: 1 vulnerability

By the Year

In 2026 there have been 5 vulnerabilities in Posimyth with an average score of 6.8 out of ten. Last year, in 2025, Posimyth had 6 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Posimyth in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.40.




Year Vulnerabilities Average Score
2026 5 6.75
2025 6 5.35
2024 30 6.41
2023 5 7.68
2022 2 8.65
2021 5 6.54

It may take a day or so for new Posimyth vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Posimyth Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-39516 Apr 08, 2026
Nexter Blocks WP Plugin Vulnerability: Sensitive Data Exposure <=4.7.0 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through <= 4.7.0.
Plus Addons Block Editor
CVE-2024-50452 Feb 20, 2026
WordPress Nexter Blocks <=3.3.3 Stored XSS via plus-addons-for-block-editor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS. This issue affects Nexter Blocks: from n/a through <= 3.3.3.
Plus Addons Block Editor
CVE-2026-24377 Jan 22, 2026
Nexter Blocks <=4.6.3 Sensitive Data Exposure via theplusaddonsforblockeditor Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through <= 4.6.3.
Plus Addons Block Editor
CVE-2025-69362 Jan 06, 2026
POSIMYTH UiChemy 4.4.2 Stored XSS Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS. This issue affects UiChemy: from n/a through <= 4.4.2.
Uichemy
CVE-2024-23511 Jan 05, 2026
DOM-Based XSS in The Plus Addons for Elementor Page Builder Lite v5.3.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3.
Plus Addons Elementor Page Builder
CVE-2025-62013 Oct 22, 2025
Missing Auth in POSIMYTH UiChemy <=4.0.0 (uichemy) Missing Authorization vulnerability in POSIMYTH UiChemy uichemy. This issue affects UiChemy: from n/a through <= 4.0.0.
Uichemy
CVE-2025-58251 Sep 22, 2025
Missing Auth in POSIMYTH Sticky Header Effects for Elementor < 2.1.2 Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header Effects for Elementor: from n/a through 2.1.2.
CVE-2025-1287 Mar 08, 2025
WordPress Plus Addons for Elementor <=6.2.2 XSS via components The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-11829 Feb 01, 2025
Stored XSS in The Plus Addons for Elementor <=6.1.8 via Table Widget The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-56294 Jan 07, 2025
POSIMYTH Nexter Blocks 4.0.7 Missing Auth Access Control Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through <= 4.0.7.
Plus Addons Block Editor
CVE-2024-56246 Jan 02, 2025
Nexter Blocks 4.0.4 DOM-XSS via unsanitized input Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows DOM-Based XSS. This issue affects Nexter Blocks: from n/a through <= 4.0.4.
Plus Addons Block Editor
CVE-2024-53811 Dec 06, 2024
WDesignkit 1.0.40: Unrestricted Upload Allows Web Shell Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit wdesignkit allows Upload a Web Shell to a Web Server. This issue affects WDesignkit: from n/a through <= 1.0.40.
Wdesignkit
CVE-2024-53823 Dec 06, 2024
DOMBased XSS in The Plus Addons for Elementor <=5.6.14 (WordPress) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows DOM-Based XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.6.14.
The Plus Addons For Elementor
Plus Addons Elementor Page Builder
CVE-2024-10365 Nov 20, 2024
The Plus Addons for Elementor: Sensitive Information Exposure in Multiple Widgets The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
The Plus Addons For Elementor
CVE-2024-43932 Nov 01, 2024
Auth Bypass CVE-2024-43932 in The Plus Addons Lite (5.6.2) Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.6.2.
The Plus Addons For Elementor
Plus Addons Elementor Page Builder
CVE-2024-8913 Oct 11, 2024
Sensitive Info Exposure in Plus Addons for Elementor <=5.6.11 The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
The Plus Addons For Elementor
CVE-2024-43977 Sep 17, 2024
The Plus Addons for Elementor Page Builder Lite <=5.6.2 Stored XSS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.6.2.
The Plus Addons For Elementor
Plus Addons Elementor Page Builder
CVE-2024-5583 Aug 22, 2024
Plus Addons for Elementor 5.6.2 XSS via carousel_direction The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-5763 Aug 20, 2024
Stored XSS via video_date in Plus Addons for Elementor (5.6.2) The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-6575 Aug 20, 2024
Stored XSS in Plus Addons for Elementor tp_page_scroll (5.6.2) The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the res_width_value parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-4482 Jul 03, 2024
Plus Addons for Elementor XSS via Countdown Widget 5.6.1 The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied 'text_days' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-4983 Jun 27, 2024
Stored XSS via video_color in Plus Addons for Elementor <5.6.0 WP The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_color parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-5455 Jun 21, 2024
Plus Addons LFI magazine_style 5.5.4 The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other safe file types can be uploaded and included.
The Plus Addons For Elementor
CVE-2024-5344 Jun 21, 2024
Plus Addons Elementor Reflected XSS in forgoturl WP Login Widget 5.5.6 The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the forgoturl attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
The Plus Addons For Elementor
CVE-2024-33572 Jun 09, 2024
Missing Auth in The Plus Blocks for Block Editor (3.2.5) Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor. This issue affects Nexter Blocks: from n/a through <= 3.2.5.
Nexter Blocks
Plus Addons Block Editor
CVE-2024-35709 Jun 08, 2024
Stored XSS in The Plus Addons for Elementor Page Builder Lite v5.5.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.5.4.
The Plus Addons For Elementor
Plus Addons Elementor Page Builder
CVE-2024-5341 May 30, 2024
PlusAddons for Elementor 5.5.4 Stored XSS via Heading Title 'size' The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-4484 May 24, 2024
XSS in The Plus Addons for Elementor v5.5.2 via xai_username The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the xai_username parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-4485 May 24, 2024
Plus Addons for Elementor <=5.5.2 XSS via button_custom_attrs The The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button_custom_attributes parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-3718 May 24, 2024
WordPress Plus Addons for Elementor 5.5.4 Stored XSS via Widget Attrs The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35709 is likely a duplicate of this issue.
The Plus Addons For Elementor
CVE-2024-2784 May 24, 2024
Plus Addons for Elementor 5.5.4 XSS via Hover Card widget The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2023-47178 May 17, 2024
The Plus Addons for Elementor Pro 5.2.8 LFI via Path Traversal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion. This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.
The Plus Addons For Elementor
CVE-2024-2785 May 14, 2024
WordPress Plugin XSS: Plus Addons for Elementor 5.4.2 AgeGate widget The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-0445 May 14, 2024
Stored XSS in Plus Addons for Elementor <5.4.2 via element attributes The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-34373 is likely a duplicate of this issue.
The Plus Addons For Elementor
CVE-2024-34373 May 06, 2024
Pre-5.4.2 The Plus Addons for Elementor Stored XSS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 5.4.2.
The Plus Addons For Elementor
Plus Addons Elementor Page Builder
CVE-2024-3197 May 02, 2024
Plus Addons Elementor WP: Stored XSS <=5.4.2 via custom attrs The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-3199 May 02, 2024
Stored XSS in Plus Addons Elementor (5.4.2) via Countdown Widget The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2024-30435 Mar 29, 2024
#XSS in The Plus Blocks for Block Editor | Gutenberg <=3.2.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor. This issue affects Nexter Blocks: from n/a through <= 3.2.5.
Plus Addons Block Editor
CVE-2024-2210 Mar 27, 2024
LFI in Plus Addons for Elementor 5.4.1 via Team Member Listing widget The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other safe file types can be uploaded and included.
The Plus Addons For Elementor
CVE-2024-2203 Mar 27, 2024
LFI via Clients widget in Plus Addons for Elementor <=5.4.1 The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other safe file types can be uploaded and included.
The Plus Addons For Elementor
CVE-2024-1419 Mar 07, 2024
Plus Addons 5.4.0 WordPress Stored XSS via Header Meta Content widget The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Plus Addons For Elementor
CVE-2023-45751 Dec 29, 2023
Code Injection in POSIMYTH Nexter Extension <2.0.3 Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3.
Nexter Extension
CVE-2023-45657 Nov 06, 2023
Nexter SQLi Vulnerability in POSIMYTH Nexter 2.0.3 (before 2.0.4) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3.
Nexter
CVE-2023-45750 Oct 25, 2023
Unauth. Reflected XSS in POSIMYTH Nexter Ext <= 2.0.3 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions.
Nexter Extension
CVE-2021-4331 Mar 07, 2023
PrivEsc: Plus Addons Elementor Plugin 4.1.9/2.0.6 Role Escalation The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users, so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors cannot publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).
The Plus Addons For Elementor
CVE-2021-4332 Mar 07, 2023
Arbitrary File Read in Plus Addons for Elementor v4.1.9/2.0.6 via SVG Param The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.
The Plus Addons For Elementor
CVE-2021-24948 Jan 10, 2022
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts.
The Plus Addons For Elementor
CVE-2021-24949 Jan 10, 2022
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection.
The Plus Addons For Elementor
CVE-2021-24351 Jun 14, 2021
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users).
The Plus Addons For Elementor
CVE-2021-24358 Jun 14, 2021
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
The Plus Addons For Elementor
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).