PLUGIN SECURITY
Is Essential Addons for Elementor safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Essential Addons for Elementor WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
essential-addons-for-elementor-lite - Requires PHP: 7.0+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.0.9 [CVE-2022-0683, WordPress Essential Addons for Elementor plugin <= 5.0.8 - Reflected Cross-Site Scripting (XSS) vulnerability, Essential Addons for Elementor Lite <= 5.0.8 - Reflected Cross-Site Scripting, Essential Addons for Elementor Lite < 5.0.9 - Reflected Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.0.9 [CVE-2022-0320, WordPress Essential Addons for Elementor plugin <= 5.0.4 - Unauthenticated Local File Inclusion (LFI) vulnerability, Essential Addons for Elementor <= 5.0.4 - Local File Inclusion, Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 4.5.4 [CVE-2021-24255, Essential Addons for Elementor Lite <= 4.5.3 - Cross-Site Scripting, Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 4.5.4 [WordPress Essential Addons for Elementor plugin <= 4.5.3 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 4.6.5 [Essential Addons for Elementor <= 4.6.4 - Missing Authorization]
+ 61 more known vulnerabilities
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 4.6.5 [Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.7.2 [CVE-2023-32243, Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation, WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation, Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.8.2 [CVE-2023-3779, Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure, WordPress Essential Addons for Elementor Plugin <= 5.8.1 is vulnerable to Sensitive Data Exposure, Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.8.9 [Essential Addons for Elementor <= 5.8.8 - Authenticated (Contributor+) Privilege Escalation]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.8.9 [CVE-2023-41955, WordPress Essential Addons for Elementor Plugin <= 5.8.8 is vulnerable to Privilege Escalation, Essential Addons for Elementor < 5.8.9 - Authenticated (Contributor+) Privilege Escalation]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.3 [CVE-2023-7044, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.2 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.3 - Contributor+ Stored XSS]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.5 [CVE-2024-0586, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping, WordPress Essential Addons for Elementor Plugin <= 5.9.4 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scritping]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.5 [CVE-2024-0585, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl, WordPress Essential Addons for Elementor Plugin <= 5.9.4 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting via Image URl]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.8 [CVE-2024-0954, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.7 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.8 - Contributor+ Stored XSS]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.9 [CVE-2024-1171, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery, WordPress Essential Addons for Elementor Plugin <= 5.9.8 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Filterable Gallery]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.9 [CVE-2024-1236, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.8 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.9 [CVE-2024-1276, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.8 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.9 [CVE-2024-1172, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion, WordPress Essential Addons for Elementor Plugin <= 5.9.8 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Accordion]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.10 [CVE-2024-1537, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table, WordPress Essential Addons for Elementor Plugin <= 5.9.9 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.10 - Contributor+ Stored Cross-Site Scripting via Data Table]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.10 [CVE-2024-1536, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar, WordPress Essential Addons for Elementor Plugin <= 5.9.9 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.10 - Contributor+ Stored Cross-Site Scripting via Event Calendar]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.12 [CVE-2024-2623, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.11 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor < 5.9.12 - Contributor+ Stored XSS]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.12 [CVE-2024-2650, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting, Essential Addons for Elementor < 5.9.12 - Contributor+ Stored XSS]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.14 [CVE-2024-3018, Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword, WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to PHP Object Injection, Essential Addons for Elementor < 5.9.14 - Author+ PHP Object Injection]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.14 [CVE-2024-2974, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure, WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to Sensitive Data Exposure, Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.15 [CVE-2024-3333, Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute, WordPress Essential Addons for Elementor Plugin <= 5.9.14 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.16 [CVE-2024-3733, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure, WordPress Essential Addons for Elementor Plugin <= 5.9.15 is vulnerable to Sensitive Data Exposure]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.16 [CVE-2024-3728, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.16 [CVE-2024-4003, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.18 [CVE-2024-4156, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.17 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.20 [CVE-2024-4448, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table']
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.20 [CVE-2024-4275, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles', WordPress Essential Addons for Elementor Plugin <= 5.9.19 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.20 [CVE-2024-4449, Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.21 [CVE-2024-4624, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.20 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.16 [CVE-2024-34764, WordPress Essential Addons for Elementor Plugin <= 5.9.15 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.22 [CVE-2024-5073, Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed, WordPress Essential Addons for Elementor Plugin <= 5.9.21 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.23 [CVE-2024-5188, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.22 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.24 [CVE-2024-5189, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Essential Addons for Elementor Plugin <= 5.9.23 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 5.9.27 [CVE-2024-39649, WordPress Essential Addons for Elementor Plugin <= 5.9.26 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor <= 5.9.26 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.0 [CVE-2024-7092, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter, WordPress Essential Addons for Elementor Plugin <= 5.9.27 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.4 [CVE-2024-8440, Essential Addons for Elementor -- Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget, WordPress Essential Addons for Elementor Plugin <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.4 [CVE-2024-8742, Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 4.6.5 [CVE-2021-4447]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 4.6.5 [CVE-2021-4446]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.10 [CVE-2024-8979, WordPress Essential Addons for Elementor Plugin <= 6.0.9 is vulnerable to Sensitive Data Exposure, Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.8 [CVE-2024-8961, WordPress Essential Addons for Elementor Plugin <= 6.0.7 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.10 [CVE-2024-8978, WordPress Essential Addons for Elementor Plugin <= 6.0.9 is vulnerable to Sensitive Data Exposure, Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.8 [CVE-2024-56063, WordPress Essential Addons for Elementor Plugin <= 6.0.7 is vulnerable to Cross Site Scripting (XSS), Essential Addons for Elementor <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.1.10 [CVE-2025-39589, EUVD-2025-11293, Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Information Disclosure]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.1.10 [CVE-2025-39590, EUVD-2025-11299, Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.15 [CVE-2025-24752, EUVD-2025-11615, Essential Addons for Elementor <= 6.0.14 - Reflected Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.1.13 [CVE-2024-9994, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget, EUVD-2024-54656]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.1.13 [CVE-2024-9993, Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget, EUVD-2024-54655]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.0.5 [Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library, Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library, Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS, EUVD-2024-54725]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.1.20 [CVE-2025-6244, Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets, EUVD-2025-20374]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.2.3 [CVE-2025-8451, Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items', EUVD-2025-24992]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.3.0 [CVE-2025-64352, Essential Addons for Elementor <= 6.2.4 - Missing Authorization, EUVD-2025-37340]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.5.4 [CVE-2025-13977, Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.5.4 [CVE-2025-69092, Essential Addons for Elementor <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-205706]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.5.6 [CVE-2026-23543, Essential Addons for Elementor <= 6.5.5 - Missing Authorization]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.5.10 [CVE-2026-1512, Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.5.6 [CVE-2026-1004, Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.6.0 [CVE-2026-25440, Essential Addons for Elementor – Popular Elementor Templates & Widgets < 6.6.0 - Missing Authorization]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.6.0 [CVE-2026-5193, Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.6.5 [CVE-2026-7665, Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler, EUVD-2026-34950]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.6.3 [CVE-2026-6459, Essential Addons for Elementor <= 6.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via Event Calendar Widget Popup]
- Essential Addons for Elementor – Popular Elementor Templates & Widgets [essential-addons-for-elementor-lite] < 6.6.11 [CVE-2026-15155, Essential Addons for Elementor <= 6.6.10 - Authenticated (Contributor+) Account Takeover via Email Header Injection]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Ultimate Addons for Elementor — 2000000+ active installs — max PHP 8.4
- Starter Templates – AI-Powered Templates for Elementor & Gutenberg — 1000000+ active installs — max PHP 8.4
- ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor — 1000000+ active installs
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets — 700000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.