Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 24 known issues Latest disclosed May 04, 2026

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Vulnerabilities

Q: How many ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor vulnerabilities have patch guidance?

24 of 24 tracked ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor records include a published patch path.

Review known vulnerability records for the WordPress plugin ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (`elementskit-lite`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-4362, CVE-2026-2600 and CVE-2026-23693, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

May 04, 2026

Related Security Guides

Use these guides while reviewing ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor fixes

Pair this plugin vulnerability hub with practical WordPress hardening, scanner, and patch workflow guidance.

Hardening

WordPress hardening checklist for exposed plugins

Review patch cadence, privileged access, XML-RPC exposure, backups, and monitoring controls.

Plugin Security

WordPress plugin security basics for patch decisions

Use ownership, update testing, least privilege, and removal criteria to reduce plugin risk.

Scanning

WordPress vulnerability scanner buyer's guide

Compare scanner coverage for plugin CVEs, version detection, alert noise, and remediation workflow.

Patch Decision Workflow

How to prioritize ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor remediation

Use the hub as a decision layer before opening individual records: confirm whether the issue has a CVE, whether a fixed version exists, and whether the affected range overlaps production installs.

Search-Ready Records

1. Match the Package

Confirm the installed WordPress plugin slug is elementskit-lite before acting on any CVE from this cluster.

2. Sort by Severity

Start with 2 high or critical records, then review medium and unrated findings with public references.

3. Check Patch Evidence

24 records include a patch path; verify compatibility before closing the finding.

4. Monitor Gaps

0 records still lack a listed fixed release, so keep this hub in the review queue.

High-Signal Remediation Targets

CVE-2024-3499 High

Local File Inclusion remediation for ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Affected range: Versions up to 3.1.0. Fixed version: 3.1.1.

CVE-2024-2047 High

Local File Inclusion remediation for ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Affected range: Versions up to 3.0.6. Fixed version: 3.0.7.

CVE-2026-4362 Medium

Vulnerability remediation for ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Affected range: Versions up to 3.8.2. Fixed version: 3.9.0.

CVE-2026-2600 Medium

Stored Cross-Site Scripting remediation for ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Affected range: Versions up to 3.7.9. Fixed version: 3.8.0.

Priority CVE Quick Links

Fast paths into ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

Tracked CVE	Issue Type	Affected Versions	Fixed Version	CVSS
CVE-2024-3499 ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Incl...	Local File Inclusion	Versions up to 3.1.0	3.1.1	CVSS 8.8
CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Incl...	Local File Inclusion	Versions up to 3.0.6	3.0.7	CVSS 8.8
CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Wid...	Vulnerability	Versions up to 3.8.2	3.9.0	CVSS 6.5
CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) S...	Stored Cross-Site Scripting	Versions up to 3.7.9	3.8.0	CVSS 6.4
CVE-2025-3614 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) S...	Stored Cross-Site Scripting	Versions up to 3.5.2	3.5.3	CVSS 6.4
CVE-2025-4479 ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting...	Stored Cross-Site Scripting	Versions up to 3.5.2	3.5.3	CVSS 6.4
CVE-2024-11180 ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Si...	Stored Cross-Site Scripting	Versions up to 3.4.7	3.4.8	CVSS 6.4
CVE-2025-1005 ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Si...	Stored Cross-Site Scripting	Versions up to 3.4.0	3.4.1	CVSS 6.4

CVE-2024-3499 High 3.1.1

CVE-2024-3499 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Local File Inclusion

ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module

CVE-2024-2047 High 3.0.7

CVE-2024-2047 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Local File Inclusion

ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw

CVE-2026-4362 Medium 3.9.0

CVE-2026-4362 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Vulnerability

ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

CVE-2026-2600 Medium 3.8.0

CVE-2026-2600 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Stored Cross-Site Scripting

ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

CVE-2025-3614 Medium 3.5.3

CVE-2025-3614 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Stored Cross-Site Scripting

ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget

CVE-2025-4479 Medium 3.5.3

CVE-2025-4479 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Stored Cross-Site Scripting

ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget

CVE-2024-11180 Medium 3.4.8

CVE-2024-11180 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Stored Cross-Site Scripting

ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-1005 Medium 3.4.1

CVE-2025-1005 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor Stored Cross-Site Scripting

ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget

Coverage Snapshot

What this page helps you verify fast

This hub clusters tracked records for ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

24 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 2 high severity findings.

Recent CVEs

CVE-2026-4362, CVE-2026-2600 and CVE-2026-23693

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-4362 Medium Patch path listed

CVE-2026-4362: ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versi...

Published

May 04, 2026

Patch Status

3.9.0

Review CVE-2026-4362 affected versions

CVE-2026-2600 Medium Patch path listed

CVE-2026-2600: ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit_tab_title' parameter in the Simple Tab widget in all versions u...

Published

Apr 03, 2026

Patch Status

3.8.0

Review CVE-2026-2600 affected versions

CVE-2026-23693 Medium Patch path listed

CVE-2026-23693: ElementsKit Elementor addons Lite < 3.7.9 - Missing Authorization

The ElementsKit Elementor addons Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to 3.7.9. This makes it possibl...

Published

Feb 24, 2026

Patch Status

3.7.9

Review CVE-2026-23693 affected versions

Known Vulnerabilities

Reports for ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-4362

CVE-2026-4362: ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress `init` action and...

Published

May 04, 2026

Patched Release

3.9.0

Affected Versions

Versions up to 3.8.2

Next Step

Update to 3.9.0 or newer if supported.

Review CVE-2026-4362 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2026-2600

CVE-2026-2600: ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit_tab_title' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on u...

Published

Apr 03, 2026

Patched Release

3.8.0

Affected Versions

Versions up to 3.7.9

Next Step

Update to 3.8.0 or newer if supported.

Review CVE-2026-2600 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2026-23693

CVE-2026-23693: ElementsKit Elementor addons Lite < 3.7.9 - Missing Authorization

The ElementsKit Elementor addons Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to 3.7.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published

Feb 24, 2026

Patched Release

3.7.9

Affected Versions

Versions before 3.7.9

Next Step

Update to 3.7.9 or newer if supported.

Review CVE-2026-23693 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-3614

CVE-2025-3614: ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible...

Published

Jul 24, 2025

Patched Release

3.5.3

Affected Versions

Versions up to 3.5.2

Next Step

Update to 3.5.3 or newer if supported.

Review CVE-2025-3614 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-4479

CVE-2025-4479: ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on...

Published

Jun 18, 2025

Patched Release

3.5.3

Affected Versions

Versions up to 3.5.2

Next Step

Update to 3.5.3 or newer if supported.

Review CVE-2025-4479 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-11180

CVE-2024-11180: ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This make...

Published

Mar 28, 2025

Patched Release

3.4.8

Affected Versions

Versions up to 3.4.7

Next Step

Update to 3.4.8 or newer if supported.

Review CVE-2024-11180 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-0968

CVE-2025-0968: ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to vie...

Published

Feb 18, 2025

Patched Release

3.4.1

Affected Versions

Versions up to 3.4.0

Next Step

Update to 3.4.1 or newer if supported.

Review CVE-2025-0968 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-1005

CVE-2025-1005: ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

Published

Feb 14, 2025

Patched Release

3.4.1

Affected Versions

Versions up to 3.4.0

Next Step

Update to 3.4.1 or newer if supported.

Review CVE-2025-1005 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-10091

CVE-2024-10091: ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos...

Published

Oct 25, 2024

Patched Release

3.3.0

Affected Versions

Versions up to 3.2.9

Next Step

Update to 3.3.0 or newer if supported.

Review CVE-2024-10091 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-8546

CVE-2024-8546: ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi...

Published

Sep 24, 2024

Patched Release

3.2.8

Affected Versions

Versions up to 3.2.7

Next Step

Update to 3.2.8 or newer if supported.

Review CVE-2024-8546 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-6455

CVE-2024-6455: ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item cr...

Published

Jul 18, 2024

Patched Release

3.2.1

Affected Versions

Versions up to 3.2.0

Next Step

Update to 3.2.1 or newer if supported.

Review CVE-2024-6455 fixed version details Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-37255

CVE-2024-37255: Elements kit Elementor addons <= 3.1.4 - Missing Authorization

The Elements kit Elementor addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor() function in versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to update...

Published

Jun 27, 2024

Patched Release

3.2.0

Affected Versions

Versions up to 3.1.4

Next Step

Update to 3.2.0 or newer if supported.

Review CVE-2024-37255 fixed version details Open CVE Reference