Vulnerabilities > Detheme > Dethemekit FOR Elementor > 2.1.8

DATE CVE VULNERABILITY TITLE RISK
2025-03-14 CVE-2025-1526 Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor
The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping.
network
low complexity
detheme CWE-79
5.4
2025-02-17 CVE-2025-26772 Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS.
network
low complexity
detheme CWE-79
5.4