Elementor Addon Elements

WPVibes

Developer

1.14.5

Latest version

90,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

31 patched

4 Mitigation rules

Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability
<= 1.12.12
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget vulnerability
<= 1.12.12
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.13.2
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget vulnerability
<= 1.13.3
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.13.5
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability
<= 1.13.5
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 1.13.6
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.14.3
15/12/2025
Sensitive Data Exposure vulnerability
<= 1.14.4
28/08/2025
Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup vulnerability
<= 1.13.10
15/01/2025
Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections vulnerability
<= 1.13.8
14/10/2024
Cross Site Scripting (XSS) vulnerability
<= 1.13.6
30/09/2024
Broken Access Control vulnerability
<= 1.13.6
30/09/2024
Contributor+ Stored Cross-Site Scripting vulnerability
<= 1.13.5
27/06/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.13.3
29/04/2024
Cross Site Scripting (XSS) vulnerability
<= 1.13.1
28/03/2024
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget vulnerability
<= 1.13.2
28/03/2024
Cross Site Scripting (XSS) vulnerability
<= 1.12.10
15/03/2024
Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet vulnerability
<= 1.12.12
22/02/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget vulnerability
<= 1.12.12
22/02/2024
Directory Traversal to Local File Inclusion vulnerability
<= 1.12.12
22/02/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.12.11
06/02/2024
Cross-Site Request Forgery vulnerability
<= 1.12.7
15/11/2023
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
<= 1.12.7
15/11/2023
Missing Authorization to Sensitive Information Exposure vulnerability
<= 1.12.7
15/11/2023
Cross-Site Request Forgery vulnerability
<= 1.12.7
15/11/2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.11.16
19/07/2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.11.14
28/02/2022
Sensitive Information Disclosure vulnerability
< 1.11.14
28/02/2022
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 1.11.1
13/04/2021
Reflected Cross-Site Scripting (XSS) vulnerability
<= 1.6.3
09/09/2020