Which Move Addons for Elementor CVEs are tracked?

Move Addons for Elementor tracked CVEs include CVE-2024-56254, CVE-2024-47364, CVE-2024-47396, CVE-2024-4695, and CVE-2024-34562.

How many Move Addons for Elementor vulnerabilities have patch guidance?

8 of 8 tracked Move Addons for Elementor records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 8 known issues Latest disclosed Dec 30, 2024

Move Addons for Elementor Vulnerabilities

Review known vulnerability records for the WordPress plugin Move Addons for Elementor (`move-addons`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-56254, CVE-2024-10360 and CVE-2024-47364, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jan 08, 2025

Priority CVE Quick Links

Fast paths into Move Addons for Elementor CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-56254 Medium 1.3.7

CVE-2024-56254 Move Addons for Elementor Stored Cross-Site Scripting

Move Addons for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-47364 Medium 1.3.5

CVE-2024-47364 Move Addons for Elementor Stored Cross-Site Scripting

Move Addons for Elementor <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-47396 Medium 1.3.4

CVE-2024-47396 Move Addons for Elementor Stored Cross-Site Scripting

Move Addons for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-4695 Medium 1.3.2

CVE-2024-4695 Move Addons for Elementor Stored Cross-Site Scripting

Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

CVE-2024-34562 Medium 1.3.1

CVE-2024-34562 Move Addons for Elementor Stored Cross-Site Scripting

Move Addons for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-2131 Medium 1.3.0

CVE-2024-2131 Move Addons for Elementor Stored Cross-Site Scripting

Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-30525 Medium 1.3.0

CVE-2024-30525 Move Addons for Elementor Vulnerability

Move Addons for Elementor <= 1.2.9 - Missing Authorization

CVE-2024-10360 Medium 1.3.6

CVE-2024-10360 Move Addons for Elementor Sensitive Information Exposure

Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Move Addons for Elementor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

8 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 0 high severity findings.

Recent CVEs

CVE-2024-56254, CVE-2024-10360 and CVE-2024-47364

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-56254 Medium Patch path listed

CVE-2024-56254: Move Addons for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.6 due to insufficient input sanitization and output esca...

Published

Dec 30, 2024

Patch Status

1.3.7

Open CVE-2024-56254 Report

CVE-2024-10360 Medium Patch path listed

CVE-2024-10360: Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/acc...

Published

Oct 28, 2024

Patch Status

1.3.6

Open CVE-2024-10360 Report

CVE-2024-47364 Medium Patch path listed

CVE-2024-47364: Move Addons for Elementor <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.4 due to insufficient input sanitization and output esca...

Published

Sep 30, 2024

Patch Status

1.3.5

Open CVE-2024-47364 Report

Known Vulnerabilities

Reports for Move Addons for Elementor

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-56254

CVE-2024-56254: Move Addons for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...

Published

Dec 30, 2024

Patched Release

1.3.7

Affected Versions

Versions up to 1.3.6

Next Step

Update to 1.3.7 or newer if supported.

Open CVE-2024-56254 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-10360

CVE-2024-10360: Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files...

Published

Oct 28, 2024

Patched Release

1.3.6

Affected Versions

Versions up to 1.3.5

Next Step

Update to 1.3.6 or newer if supported.

Open CVE-2024-10360 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-47364

CVE-2024-47364: Move Addons for Elementor <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...

Published

Sep 30, 2024

Patched Release

1.3.5

Affected Versions

Versions up to 1.3.4

Next Step

Update to 1.3.5 or newer if supported.

Open CVE-2024-47364 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-47396

CVE-2024-47396: Move Addons for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...

Published

Sep 25, 2024

Patched Release

1.3.4

Affected Versions

Versions up to 1.3.3

Next Step

Update to 1.3.4 or newer if supported.

Open CVE-2024-47396 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-4695

CVE-2024-4695: Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

Published

May 20, 2024

Patched Release

1.3.2

Affected Versions

Versions up to 1.3.1

Next Step

Update to 1.3.2 or newer if supported.

Open CVE-2024-4695 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-34562

CVE-2024-34562: Move Addons for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

Published

May 07, 2024

Patched Release

1.3.1

Affected Versions

Versions up to 1.3.0

Next Step

Update to 1.3.1 or newer if supported.

Open CVE-2024-34562 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-30525

CVE-2024-30525: Move Addons for Elementor <= 1.2.9 - Missing Authorization

The Move Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published

Mar 29, 2024

Patched Release

1.3.0

Affected Versions

Versions up to 1.2.9

Next Step

Update to 1.3.0 or newer if supported.

Open CVE-2024-30525 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-2131

CVE-2024-2131: Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

Published

Mar 22, 2024

Patched Release

1.3.0

Affected Versions

Versions up to 1.2.9

Next Step

Update to 1.3.0 or newer if supported.

Open CVE-2024-2131 Report Open CVE Reference