Vulnerabilities > Elementinvader
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-24 | CVE-2025-24578 | Cross-site Scripting vulnerability in Elementinvader Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. | 5.4 |
| 2025-01-24 | CVE-2025-24618 | Missing Authorization vulnerability in Elementinvader Addons for Elementor Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2025-01-24 | CVE-2025-24729 | Cross-site Scripting vulnerability in Elementinvader Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. | 5.4 |
| 2025-01-15 | CVE-2025-22786 | Path Traversal: '.../...//' vulnerability in Elementinvader Addons for Elementor Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | 8.8 |
| 2024-12-12 | CVE-2024-12059 | Authorization Bypass Through User-Controlled Key vulnerability in Elementinvader Addons for Elementor The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. | 4.3 |
| 2024-10-19 | CVE-2024-9889 | Unspecified vulnerability in Elementinvader Addons for Elementor The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. | 4.3 |
| 2024-10-16 | CVE-2024-9888 | Cross-site Scripting vulnerability in Elementinvader Addons for Elementor The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-05 | CVE-2024-47630 | Cross-site Scripting vulnerability in Elementinvader Addons for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7. | 5.4 |
| 2024-07-20 | CVE-2024-38705 | Unspecified vulnerability in Elementinvader Addons for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4. | 5.4 |