ElementsKit Elementor addons Lite

Roxnor

Developer

3.8.2

Latest version

2,000,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

22 patched

3 Mitigation rules

Unauthenticated Mailchimp REST Endpoint vulnerability
< 3.7.9
24/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability
<= 3.5.2
31/12/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget vulnerability
<= 3.5.2
19/06/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.4.7
29/03/2025
Unauthenticated Information Exposure via get_megamenu_content Function vulnerability
<= 3.4.0
19/02/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
<= 3.4.0
14/02/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.2.9
25/10/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget vulnerability
<= 3.2.7
25/09/2024
Unauthenticated Information Exposure via ekit_widgetarea_content Function vulnerability
<= 3.2.0
18/07/2024
Unauthenticated Broken Access Control vulnerability
<= 3.1.4
27/06/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
<= 3.1.2
01/05/2024
Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module vulnerability
<= 3.1.0
24/04/2024
Cross Site Scripting (XSS) vulnerability
<= 3.0.6
15/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
<= 3.0.7
04/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.0.6
01/04/2024
Authenticated (Contributor+) Local File Inclusion in render_raw vulnerability
<= 3.0.6
01/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
<= 3.0.5
18/03/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.0.4
18/03/2024
Authenticated(Editor+) Stored Cross-Site Scripting vulnerability
<= 3.0.3
18/03/2024
Unauthenticated Sensitive Information Exposure vulnerability
<= 3.0.3
08/01/2024
Broken Access Control vulnerability
<= 2.9.0
23/08/2023
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 2.1.7
13/04/2021