VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 36 known issues Latest disclosed Jan 17, 2026

Premium Addons for Elementor – Powerful Elementor Templates & Widgets Vulnerabilities

Review known vulnerability records for the WordPress plugin Premium Addons for Elementor – Powerful Elementor Templates & Widgets (`premium-addons-for-elementor`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-69300, CVE-2025-14163 and CVE-2025-14155, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
36
High or Critical
0
Patch Coverage
100%
Last Updated
Feb 13, 2026
Priority CVE Quick Links

Fast paths into Premium Addons for Elementor – Powerful Elementor Templates & Widgets CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
36
CVE-2024-37922 Medium 4.10.35
CVE-2024-37922 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2021-4445 Medium 4.5.2
CVE-2021-4445 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Vulnerability

Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update

CVE-2024-11937 Medium 4.10.70
CVE-2024-11937 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-4774 Medium 4.11.9
CVE-2025-4774 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

CVE-2024-10266 Medium 4.10.61
CVE-2024-10266 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

CVE-2024-8681 Medium 4.10.53
CVE-2024-8681 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget

CVE-2024-6495 Medium 4.10.37
CVE-2024-6495 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget

CVE-2024-6340 Medium 4.10.37
CVE-2024-6340 Premium Addons for Elementor – Powerful Elementor Templates & Widgets Stored Cross-Site Scripting

Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Premium Addons for Elementor – Powerful Elementor Templates & Widgets so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
36 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-69300, CVE-2025-14163 and CVE-2025-14155
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-69300
CVE-2025-69300: Premium Addons for Elementor <= 4.11.63 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.11.63. This makes it possible for authenticated attackers, w...

Published
Jan 17, 2026
Patched Release
4.11.64
Affected Versions
Versions up to 4.11.63
Next Step
Update to 4.11.64 or newer if supported.
Open CVE-2025-69300 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-14163
CVE-2025-14163: Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers t...

Published
Dec 22, 2025
Patched Release
4.11.54
Affected Versions
Versions up to 4.11.53
Next Step
Update to 4.11.54 or newer if supported.
Open CVE-2025-14163 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-14155
CVE-2025-14155: Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content'

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possib...

Published
Dec 22, 2025
Patched Release
4.11.54
Affected Versions
Versions up to 4.11.53
Next Step
Update to 4.11.54 or newer if supported.
Open CVE-2025-14155 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-68494
CVE-2025-68494: Premium Addons for Elementor <= 4.11.53 - Unauthenticated Information Exposure

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to extract sensitive user or configur...

Published
Dec 04, 2025
Patched Release
4.11.54
Affected Versions
Versions up to 4.11.53
Next Step
Update to 4.11.54 or newer if supported.
Open CVE-2025-68494 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-11937
CVE-2024-11937: Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attribu...

Published
Jul 03, 2025
Patched Release
4.10.70
Affected Versions
Versions up to 4.10.69
Next Step
Update to 4.10.70 or newer if supported.
Open CVE-2024-11937 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-4774
CVE-2025-4774: Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible...

Published
Jun 09, 2025
Patched Release
4.11.9
Affected Versions
Versions up to 4.11.8
Next Step
Update to 4.11.9 or newer if supported.
Open CVE-2025-4774 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-56225
CVE-2024-56225: Premium Addons for Elementor <= 4.10.56 - Missing Authorization

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.10.56. This makes it possible for authenticated attackers, with Contributor-level access and above, t...

Published
Dec 19, 2024
Patched Release
4.10.57
Affected Versions
Versions up to 4.10.56
Next Step
Update to 4.10.57 or newer if supported.
Open CVE-2024-56225 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-10266
CVE-2024-10266: Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Published
Oct 28, 2024
Patched Release
4.10.61
Affected Versions
Versions up to 4.10.60
Next Step
Update to 4.10.61 or newer if supported.
Open CVE-2024-10266 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-8681
CVE-2024-8681: Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

Published
Sep 26, 2024
Patched Release
4.10.53
Affected Versions
Versions up to 4.10.52
Next Step
Update to 4.10.53 or newer if supported.
Open CVE-2024-8681 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6824
CVE-2024-6824: Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it poss...

Published
Aug 07, 2024
Patched Release
4.10.39
Affected Versions
Versions up to 4.10.38
Next Step
Update to 4.10.39 or newer if supported.
Open CVE-2024-6824 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6495
CVE-2024-6495: Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

Published
Jul 11, 2024
Patched Release
4.10.37
Affected Versions
Versions up to 4.10.36
Next Step
Update to 4.10.37 or newer if supported.
Open CVE-2024-6495 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37922
CVE-2024-37922: Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.10.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attack...

Published
Jul 09, 2024
Patched Release
4.10.35
Affected Versions
Versions up to 4.10.34
Next Step
Update to 4.10.35 or newer if supported.
Open CVE-2024-37922 Report Open CVE Reference