Plugin Vulnerability Hub
Plugin | 9 known issues | Latest disclosed Mar 07, 2024

Premium Addons Pro for Elementor Vulnerabilities

Review known vulnerability records for the WordPress plugin Premium Addons Pro for Elementor (`premium-addons-pro`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-2000, CVE-2024-2238 and CVE-2024-1997, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 9
High or Critical: 0
Patch Coverage: 100%
Last Updated: May 31, 2024

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Premium Addons Pro for Elementor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 0 high severity findings.
Recent CVEs: CVE-2024-2000, CVE-2024-2238 and CVE-2024-1997
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Premium Addons Pro for Elementor

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-2000
CVE-2024-2000: Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...

Published: Mar 07, 2024
Patched Release: 2.9.13
Affected Versions: Versions up to 2.9.12
Next Step: Update to 2.9.13 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-2238
CVE-2024-2238: Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Published: Mar 07, 2024
Patched Release: 2.9.13
Affected Versions: Versions up to 2.9.12
Next Step: Update to 2.9.13 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-1997
CVE-2024-1997: Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it p...

Published: Mar 07, 2024
Patched Release: 2.9.13
Affected Versions: Versions up to 2.9.12
Next Step: Update to 2.9.13 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-2237
CVE-2024-2237: Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with c...

Published: Mar 07, 2024
Patched Release: 2.9.13
Affected Versions: Versions up to 2.9.12
Next Step: Update to 2.9.13 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-2239
CVE-2024-2239: Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

Published: Mar 07, 2024
Patched Release: 2.9.13
Affected Versions: Versions up to 2.9.12
Next Step: Update to 2.9.13 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-1996
CVE-2024-1996: Premium Addons for Elementor PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via widget link

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

Published: Mar 06, 2024
Patched Release: 2.9.13
Affected Versions: Versions up to 2.9.12
Next Step: Update to 2.9.13 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-37869
CVE-2023-37869: Premium Addons PRO <= 2.9.0 - Missing Authorization

The Premium Addons PRO plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 2.9.0. This makes it possible for authenticated attackers, with contributor-level access and...

Published: Jul 10, 2023
Patched Release: 2.9.1
Affected Versions: Versions up to 2.9.0
Next Step: Update to 2.9.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-37868
CVE-2023-37868: Premium Addons PRO <= 2.9.0 - Sensitive Information Exposure

The Premium Addons PRO plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.9.0. This makes it possible for contributor-level attackers to retrieve sensitive data.

Published: Jul 10, 2023
Patched Release: 2.9.1
Affected Versions: Versions up to 2.9.0
Next Step: Update to 2.9.1 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-34012
CVE-2023-34012: Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.8.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published: Jun 02, 2023
Patched Release: 2.8.25
Affected Versions: Versions up to 2.8.24
Next Step: Update to 2.8.25 or newer if supported.