Vulnerabilities > Wpmet > Elementskit Elementor Addons > 1.4.4

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2025-0968 Missing Authorization vulnerability in Wpmet Elementskit Elementor Addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function.
network
low complexity
wpmet CWE-862
5.3
5.3
2025-02-15 CVE-2025-1005 Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpmet CWE-79
5.4
5.4
2024-03-16 CVE-2023-6525 Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping.
network
low complexity
wpmet CWE-79
4.8
4.8