Vulnerabilities > Nicheaddons
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-19 | CVE-2024-13854 | Improper Access Control vulnerability in Nicheaddons Education Addon The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. | 4.3 |
| 2024-12-09 | CVE-2023-47826 | Unspecified vulnerability in Nicheaddons Restaurant & Cafe Addon for Elementor Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3. | 9.8 |
| 2024-12-03 | CVE-2024-12062 | Authorization Bypass Through User-Controlled Key vulnerability in Nicheaddons Charity Addon for Elementor The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-19 | CVE-2024-51938 | Cross-site Scripting vulnerability in Nicheaddons Charity Addon for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.2. | 5.4 |
| 2024-11-10 | CVE-2024-51581 | Cross-site Scripting vulnerability in Nicheaddons Restaurant & Cafe Addon for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.6. | 5.4 |
| 2024-11-09 | CVE-2024-51585 | Cross-site Scripting vulnerability in Nicheaddons Sales Page Addon Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through 1.4.2. | 5.4 |
| 2024-10-17 | CVE-2024-49259 | Cross-site Scripting vulnerability in Nicheaddons Primary Addon for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8. | 5.4 |
| 2024-10-17 | CVE-2024-49264 | Cross-site Scripting vulnerability in Nicheaddons Events Addon for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0. | 5.4 |
| 2024-10-06 | CVE-2024-44026 | Cross-site Scripting vulnerability in Nicheaddons Charity Addon for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.0. | 5.4 |
| 2024-10-06 | CVE-2024-44032 | Cross-site Scripting vulnerability in Nicheaddons Restaurant & Cafe Addon for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5. | 5.4 |