Vulnerabilities > Athemes > Athemes Addons FOR Elementor > 1.0.4

DATE CVE VULNERABILITY TITLE RISK
2025-04-10 CVE-2025-32158 PHP Remote File Inclusion vulnerability in Athemes Addons for Elementor
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor.
network
low complexity
athemes CWE-98
8.8
8.8
2025-03-27 CVE-2025-22646 Cross-site Scripting vulnerability in Athemes Addons for Elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.8.
network
low complexity
athemes CWE-79
5.4
5.4
2025-02-01 CVE-2024-13547 Cross-site Scripting vulnerability in Athemes Addons for Elementor
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping.
network
low complexity
athemes CWE-79
5.4
5.4
2024-11-09 CVE-2024-51675 Cross-site Scripting vulnerability in Athemes Addons for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows DOM-Based XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.7.
network
low complexity
athemes CWE-79
5.4
5.4