Vulnerabilities > Nicheaddons
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-19 | CVE-2024-13854 | Improper Access Control vulnerability in Nicheaddons Education Addon The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. | 4.3 |
| 2024-11-10 | CVE-2024-51581 | Cross-site Scripting vulnerability in Nicheaddons Restaurant & Cafe Addon for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.6. | 5.4 |
| 2024-11-09 | CVE-2024-51585 | Cross-site Scripting vulnerability in Nicheaddons Sales Page Addon Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through 1.4.2. | 5.4 |
| 2023-11-30 | CVE-2023-47827 | Unspecified vulnerability in Nicheaddons Events Addon for Elementor Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3. | 7.5 |