Elementskit elementor addons – advanced widgets & templates addons for elementor

This hub aggregates every CVE we track for Elementskit elementor addons – advanced widgets & templates addons for elementor, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premcms plugin

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM16HIGH2CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Elementskit elementor addons – advanced widgets & templates addons for elementor.

CVE-2026-4362ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite6.5May 5, 2026
CVE-2026-2600ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget6.4Apr 4, 2026
CVE-2026-23693ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint10.0Feb 23, 2026
CVE-2025-3614ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget6.4Jul 24, 2025
CVE-2025-4479ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget6.4Jun 19, 2025
CVE-2024-11180ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Mar 29, 2025
CVE-2025-0968ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function5.3Feb 19, 2025
CVE-2025-1005ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget6.4Feb 15, 2025
CVE-2024-10091ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget6.4Oct 26, 2024
CVE-2024-8546ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget6.4Sep 25, 2024
CVE-2024-6455ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function5.3Jul 18, 2024
CVE-2024-3499ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module8.8May 2, 2024
CVE-2024-2803ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget6.4Apr 4, 2024
CVE-2024-1238ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Mar 30, 2024
CVE-2024-2047ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw8.8Mar 30, 2024

Product normalization is registry-driven with AI assist and human review. How it works