Vulnerabilities > Elementinvader > Elementinvader Addons FOR Elementor > 1.3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-24	CVE-2025-24578	Cross-site Scripting vulnerability in Elementinvader Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. network low complexity elementinvader CWE-79	5.4
2025-01-24	CVE-2025-24618	Missing Authorization vulnerability in Elementinvader Addons for Elementor Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. network low complexity elementinvader CWE-862	8.8
2025-01-24	CVE-2025-24729	Cross-site Scripting vulnerability in Elementinvader Addons for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. network low complexity elementinvader CWE-79	5.4
2024-12-12	CVE-2024-12059	Authorization Bypass Through User-Controlled Key vulnerability in Elementinvader Addons for Elementor The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. network low complexity elementinvader CWE-639	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.