Elementinvader: >> Elementinvader Addons For Elementor >> 1.3.0 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-24
Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-24
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-12