Vulnerabilities > Brainstormforce > Ultimate Addons FOR Elementor > 1.9.1

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-05	CVE-2021-24271	Cross-site Scripting vulnerability in Brainstormforce Ultimate Addons for Elementor The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. network brainstormforce CWE-79	3.5
2020-05-17	CVE-2020-13125	Incorrect Permission Assignment for Critical Resource vulnerability in Brainstormforce Ultimate Addons for Elementor An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. network low complexity brainstormforce CWE-732	6.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.