Aggregates CVE and security vulnerability intelligence across all nicheaddons-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-13854 | The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, password protected, and restricted posts. This applies to posts created with Elementor onl | [email protected] | 4.3 | 0.05% | 2025-02-19 | 2025-03-06 |
| CVE-2024-12061 | The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | [email protected] | 4.3 | 0.18% | 2024-12-18 | 2025-06-05 |
| CVE-2024-54316 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows DOM-Based XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through <= 1.5.8. | [email protected] | 6.5 | 0.18% | 2024-12-13 | 2026-04-23 |
| CVE-2024-54315 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through <= 2.2.2. | [email protected] | 6.5 | 0.24% | 2024-12-13 | 2026-04-23 |
| CVE-2024-54314 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through <= 1.6.0. | [email protected] | 6.5 | 0.18% | 2024-12-13 | 2026-04-23 |
| CVE-2023-47826 | Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3. | [email protected] | 6.5 | 0.32% | 2024-12-09 | 2026-04-28 |
| CVE-2024-12062 | The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | [email protected] | 4.3 | 0.15% | 2024-12-03 | 2026-04-08 |
| CVE-2024-10780 | The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | [email protected] | 4.3 | 0.11% | 2024-11-28 | 2025-07-14 |
| CVE-2024-10670 | The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | [email protected] | 4.3 | 0.11% | 2024-11-28 | 2025-04-11 |
| CVE-2024-51938 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Charity Addon for Elementor charity-addon-for-elementor allows DOM-Based XSS.This issue affects Charity Addon for Elementor: from n/a through <= 1.3.2. | [email protected] | 6.5 | 0.33% | 2024-11-19 | 2026-04-23 |
| CVE-2024-51581 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through <= 1.5.6. | [email protected] | 6.5 | 0.14% | 2024-11-10 | 2026-04-23 |
| CVE-2024-51585 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Sales Page Addon – Elementor & Beaver Builder sales-page-addon allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through <= 1.4.5. | [email protected] | 6.5 | 0.14% | 2024-11-09 | 2026-04-23 |
| CVE-2024-49264 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through <= 2.2.0. | [email protected] | 6.5 | 0.27% | 2024-10-17 | 2026-04-23 |
| CVE-2024-49259 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through <= 1.5.8. | [email protected] | 6.5 | 0.21% | 2024-10-17 | 2026-04-23 |
| CVE-2024-44033 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through <= 1.5.7. | [email protected] | 6.5 | 0.25% | 2024-10-06 | 2026-04-23 |
| CVE-2024-44032 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through <= 1.5.5. | [email protected] | 6.5 | 0.25% | 2024-10-06 | 2026-04-23 |
| CVE-2024-44026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Charity Addon for Elementor charity-addon-for-elementor allows Stored XSS.This issue affects Charity Addon for Elementor: from n/a through <= 1.3.0. | [email protected] | 6.5 | 0.18% | 2024-10-06 | 2026-04-23 |
| CVE-2024-4669 | The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.36% | 2024-06-11 | 2026-04-08 |
| CVE-2024-5229 | The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.27% | 2024-05-25 | 2026-04-08 |
| CVE-2023-47827 | Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3. | [email protected] | 6.5 | 0.14% | 2023-11-30 | 2026-04-28 |