Plugin Vulnerability Hub
Plugin | 13 known issues | Latest disclosed: Mar 23, 2026

Themesflat Addons For Elementor Vulnerabilities

Review known vulnerability records for the WordPress plugin Themesflat Addons For Elementor (`themesflat-addons-for-elementor`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-39500, CVE-2025-3275 and CVE-2025-31567, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 13
High or Critical: 1
Patch Coverage: 100%
Last Updated: Apr 15, 2026

Priority CVE Quick Links

Fast paths into Themesflat Addons For Elementor CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 13

CVE-2023-37390 Critical 2.0.1
CVE-2023-37390 Themesflat Addons For Elementor Vulnerability

Themesflat Addons For Elementor <= 2.0.0 - Unauthenticated PHP Object Injection

CVE-2026-39500 Medium 2.3.3
CVE-2026-39500 Themesflat Addons For Elementor Stored Cross-Site Scripting

themesflat-addons-for-elementor <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-3275 Medium 2.2.6
CVE-2025-3275 Themesflat Addons For Elementor Stored Cross-Site Scripting

Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-31567 Medium 2.3.2
CVE-2025-31567 Themesflat Addons For Elementor Stored Cross-Site Scripting

Themesflat Addons For Elementor <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-12205 Medium 2.2.5
CVE-2024-12205 Themesflat Addons For Elementor Stored Cross-Site Scripting

Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-53796 Medium 2.2.3
CVE-2024-53796 Themesflat Addons For Elementor Stored Cross-Site Scripting

Themesflat Addons For Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-49310 Medium 2.2.2
CVE-2024-49310 Themesflat Addons For Elementor Stored Cross-Site Scripting

Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-8515 Medium 2.2.2
CVE-2024-8515 Themesflat Addons For Elementor Stored Cross-Site Scripting

Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Themesflat Addons For Elementor so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 0 high severity findings.
Recent CVEs: CVE-2026-39500, CVE-2025-3275 and CVE-2025-31567
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Themesflat Addons For Elementor

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-39500
CVE-2026-39500: themesflat-addons-for-elementor <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The themesflat-addons-for-elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc...

Published: Mar 23, 2026
Patched Release: 2.3.3
Affected Versions: Versions up to 2.3.2
Next Step: Update to 2.3.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-3275
CVE-2025-3275: Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

Published: Apr 18, 2025
Patched Release: 2.2.6
Affected Versions: Versions up to 2.2.5
Next Step: Update to 2.2.6 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-31567
CVE-2025-31567: Themesflat Addons For Elementor <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc...

Published: Mar 31, 2025
Patched Release: 2.3.2
Affected Versions: Versions up to 2.3.1
Next Step: Update to 2.3.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-12205
CVE-2024-12205: Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

Published: Jan 07, 2025
Patched Release: 2.2.5
Affected Versions: Versions up to 2.2.4
Next Step: Update to 2.2.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-53796
CVE-2024-53796: Themesflat Addons For Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc...

Published: Dec 02, 2024
Patched Release: 2.2.3
Affected Versions: Versions up to 2.2.2
Next Step: Update to 2.2.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-49310
CVE-2024-49310: Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc...

Published: Oct 15, 2024
Patched Release: 2.2.2
Affected Versions: Versions up to 2.2.1
Next Step: Update to 2.2.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-8515
CVE-2024-8515: Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and...

Published: Sep 24, 2024
Patched Release: 2.2.2
Affected Versions: Versions up to 2.2.1
Next Step: Update to 2.2.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-8516
CVE-2024-8516: Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited po...

Published: Sep 24, 2024
Patched Release: 2.2.2
Affected Versions: Versions up to 2.2.1
Next Step: Update to 2.2.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-2922
CVE-2024-2922: Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aut...

Published: Jun 05, 2024
Patched Release: 2.1.3
Affected Versions: Versions up to 2.1.2
Next Step: Update to 2.1.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-4458
CVE-2024-4458: Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic...

Published: Jun 05, 2024
Patched Release: 2.1.3
Affected Versions: Versions up to 2.1.2
Next Step: Update to 2.1.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-4212
CVE-2024-4212: Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficien...

Published: Jun 05, 2024
Patched Release: 2.1.3
Affected Versions: Versions up to 2.1.2
Next Step: Update to 2.1.3 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-4459
CVE-2024-4459: Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget titles in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Published: Jun 05, 2024
Patched Release: 2.1.3
Affected Versions: Versions up to 2.1.2
Next Step: Update to 2.1.3 or newer if supported.