Bunch Of Elementor Addons Patched With Serious Vulnerabilities
https://www.wordfence.com15 of the most popular addon plugins for Elementor, which are collectively installed on over 3.5 million sites had some serious Cross-Site Scripting vulnerabilities patched recently. They allowed any user able to access the Elementor editor, including contributors, to add JavaScript to posts. This JavaScript would be executed if the post was viewed, edited, or previewed by any other site user, and could be used to take over a site if the victim was an administrator.
Essential Addons for Elementor (essential-addons-for-elementor-lite), 1M+ Installations
Versions < 4.5.4 are vulnerable, patched in version 4.5.4
Elementor – Header, Footer & Blocks Template (header-footer-elementor), 1M+ Installations
Versions < 1.5.8 are vulnerable, patched in version 1.5.8
Ultimate Addons for Elementor (ultimate-elementor), 600k+ Installations
Versions < 1.30.0 are vulnerable, patched in version 1.30.0
Premium Addons for Elementor (premium-addons-for-elementor), 400k+ Installations
Versions < 4.2.8 are vulnerable, patched in version 4.2.8
ElementsKit (elementskit-lite) and ElementsKit Pro (elementskit), 300k+ Installations
Versions < 2.2.0 are vulnerable, patched in version 2.2.0
Elementor Addon Elements (addon-elements-for-elementor-page-builder), 100k+ Installations
Versions < 1.11.2 are vulnerable, patched in version 1.11.2
Livemesh Addons for Elementor (addons-for-elementor), 100k+ Installations
Versions < 6.8 are vulnerable, patched in version 6.8
HT Mega – Absolute Addons for Elementor Page Builder (ht-mega-for-elementor), 70k+ Installations
Versions < 1.5.7 are vulnerable, patched in version 1.5.7
WooLentor – WooCommerce Elementor Addons + Builder (woolentor-addons), 50k+ Installations
Versions < 1.8.6 are vulnerable, patched in version 1.8.6
PowerPack Addons for Elementor (powerpack-lite-for-elementor), 50k+ Installations
Versions < 2.3.2 are vulnerable, patched in version 2.3.2
Image Hover Effects – Elementor Addon (image-hover-effects-addon-for-elementor), 40k+ Installations
Versions < 1.3.4 are vulnerable, patched in version 1.3.4
Rife Elementor Extensions & Templates (rife-elementor-extensions), 30k+ Installations
Versions < 1.1.6 are vulnerable, patched in version 1.1.6
The Plus Addons for Elementor Page Builder Lite (the-plus-addons-for-elementor-page-builder), 30k+ Installations
Versions < 2.0.6 are vulnerable, patched in version 2.0.6
All-in-One Addons for Elementor – WidgetKit (widgetkit-for-elementor), 20k+ Installations
Versions < 2.3.10 are vulnerable, patched in version 2.3.10
JetWidgets For Elementor (jetwidgets-for-elementor), 10k+ Installations
Versions < 1.0.9 are vulnerable, patched in version 1.0.9
Sina Extension for Elementor (sina-extension-for-elementor), 10k+ Installations
Versions < 3.3.12 are vulnerable, patched in version 3.3.12
DethemeKit For Elementor (dethemekit-for-elementor), 8k+ Installations
Versions < 1.5.5.5 are vulnerable, patched in version 1.5.5.5
