Vulnerabilities > Leap13 > Premium Addons FOR Elementor > 4.10.37

DATE CVE VULNERABILITY TITLE RISK
2024-12-31 CVE-2024-56225 Missing Authorization vulnerability in Leap13 Premium Addons for Elementor
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.
network
low complexity
leap13 CWE-862
8.8
8.8
2024-10-29 CVE-2024-10266 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-09-27 CVE-2024-8681 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-08-08 CVE-2024-6824 Missing Authorization vulnerability in Leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38.
network
low complexity
leap13 CWE-862
4.3
4.3