Premium addons for elementor – powerful elementor templates & widgets

This hub aggregates every CVE we track for Premium addons for elementor – powerful elementor templates & widgets, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premcms plugin

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM27LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Premium addons for elementor – powerful elementor templates & widgets.

CVE-2026-4790Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter5.4May 2, 2026
CVE-2025-14163Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'4.3Dec 23, 2025
CVE-2025-14155Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content'5.3Dec 23, 2025
CVE-2024-11937Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Jul 4, 2025
CVE-2025-4774Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget6.4Jun 10, 2025
CVE-2024-10266Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget6.4Oct 29, 2024
CVE-2021-4445Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update6.5Oct 16, 2024
CVE-2024-8681Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget6.4Sep 27, 2024
CVE-2024-6824Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update4.3Aug 8, 2024
CVE-2024-6495Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget6.4Jul 12, 2024
CVE-2024-6434Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service3.1Jul 4, 2024
CVE-2024-6340Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget6.4Jul 3, 2024
CVE-2024-5553Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting4.4Jun 12, 2024
CVE-2024-4379Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip5.4May 31, 2024
CVE-2024-4376Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget6.4May 31, 2024

Product normalization is registry-driven with AI assist and human review. How it works