Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities by kingaddons
CVE-2026-54839 (GCVE-0-2026-54839)
Vulnerability from cvelistv5 – Published: 2026-06-26 14:52 – Updated: 2026-06-26 17:06
VLAI
Title
WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability
Summary
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups |
Affected:
n/a , ≤ 2.0.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:04:37.196457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:06:57.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "trinity-backup",
"product": "Trinity Backup \u0026#8211; Backup, Migrate, Restore, Clone \u0026amp; Schedule Backups",
"vendor": "kingaddons",
"versions": [
{
"changes": [
{
"at": "2.0.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "dodoh4t | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Sensitive Data Exposure in Trinity Backup \u0026#8211; Backup, Migrate, Restore, Clone \u0026amp; Schedule Backups \u003c= 2.0.9 versions."
}
],
"value": "Unauthenticated Sensitive Data Exposure in Trinity Backup \u0026#8211; Backup, Migrate, Restore, Clone \u0026amp; Schedule Backups \u003c= 2.0.9 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:52:26.359Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/trinity-backup/vulnerability/wordpress-trinity-backup-backup-migrate-restore-clone-schedule-backups-plugin-2-0-9-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Trinity Backup \u0026#8211; Backup, Migrate, Restore, Clone \u0026amp; Schedule Backups Plugin to the latest available version (at least 2.0.10)."
}
],
"value": "Update the WordPress Trinity Backup \u0026#8211; Backup, Migrate, Restore, Clone \u0026amp; Schedule Backups Plugin to the latest available version (at least 2.0.10)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Trinity Backup \u2013 Backup, Migrate, Restore, Clone \u0026 Schedule Backups plugin \u003c= 2.0.9 - Sensitive Data Exposure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-54839",
"datePublished": "2026-06-26T14:52:26.359Z",
"dateReserved": "2026-06-16T09:21:57.269Z",
"dateUpdated": "2026-06-26T17:06:57.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13535 (GCVE-0-2025-13535)
Vulnerability from cvelistv5 – Published: 2026-04-01 14:37 – Updated: 2026-04-08 17:10
VLAI
Title
King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets
Summary
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. The plugin uses esc_attr() and esc_url() within JavaScript inline event handlers (onclick attributes), which allows HTML entities to be decoded by the DOM, enabling attackers to break out of the JavaScript context. Additionally, several JavaScript files use unsafe DOM manipulation methods (template literals, .html(), and window.location.href with unvalidated URLs) with user-controlled data. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via Elementor widget settings that execute when a user accesses the injected page or when an administrator previews the page in Elementor's editor. The vulnerability was partially patched in version 5.1.51.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
11 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder |
Affected:
0 , ≤ 51.1.53
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:03:46.391810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:03:57.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.53",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. The plugin uses esc_attr() and esc_url() within JavaScript inline event handlers (onclick attributes), which allows HTML entities to be decoded by the DOM, enabling attackers to break out of the JavaScript context. Additionally, several JavaScript files use unsafe DOM manipulation methods (template literals, .html(), and window.location.href with unvalidated URLs) with user-controlled data. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via Elementor widget settings that execute when a user accesses the injected page or when an administrator previews the page in Elementor\u0027s editor. The vulnerability was partially patched in version 5.1.51."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:10:07.525Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95d3e76c-612d-436c-9d32-6228d7dcbf35?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/assets/libraries/lightgallery/lightgallery.js"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Video_Popup/Video_Popup.php#L813"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Off_Canvas_Content/Off_Canvas_Content.php#L629"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Popup/Popup.php#L708"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/features/Wrapper_Link/Wrapper_Link.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Pricing_Calculator/Pricing_Calculator.php#L1896"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Countdown/script.js#L119"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Image_Accordion/script.js#L141"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438067/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3441952/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-31T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u003c= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13535",
"datePublished": "2026-04-01T14:37:34.473Z",
"dateReserved": "2025-11-21T23:23:33.043Z",
"dateUpdated": "2026-04-08T17:10:07.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13997 (GCVE-0-2025-13997)
Vulnerability from cvelistv5 – Published: 2026-03-23 06:41 – Updated: 2026-04-08 17:02
VLAI
Title
King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
Summary
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets.
This vulnerability requires the Premium license to be installed
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder |
Affected:
0 , ≤ 51.1.49
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T11:35:36.235773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T11:35:45.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.49",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ulyses Saicha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor \u2013 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site\u0027s Mailchimp, Facebook and Google API keys and secrets.\r\nThis vulnerability requires the Premium license to be installed"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:09.847Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7955b162-ed0f-4455-a429-ed292771c701?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Login_Register_Form/Login_Register_Form.php#L3065"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-20T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-03-22T18:29:11.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u003c= 51.1.49 - Unauthenticated API Keys Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13997",
"datePublished": "2026-03-23T06:41:08.390Z",
"dateReserved": "2025-12-03T22:19:22.746Z",
"dateUpdated": "2026-04-08T17:02:09.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7960 (GCVE-0-2025-7960)
Vulnerability from cvelistv5 – Published: 2025-12-13 08:21 – Updated: 2026-04-08 16:54
VLAI
Title
King Addons for Elementor <= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Summary
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder |
Affected:
0 , ≤ 51.1.39
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T15:42:56.499454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:46:37.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.39",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "D.Sim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:54:24.380Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57865837-470e-4afd-bb90-d203a78a210b?source=cve"
},
{
"url": "https://wordpress.org/plugins/king-addons/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u003c= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7960",
"datePublished": "2025-12-13T08:21:13.187Z",
"dateReserved": "2025-07-21T14:56:56.963Z",
"dateUpdated": "2026-04-08T16:54:24.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8489 (GCVE-0-2025-8489)
Vulnerability from cvelistv5 – Published: 2025-10-31 06:42 – Updated: 2025-12-01 22:41
VLAI
Title
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
Summary
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor |
Affected:
* , ≤ 51.1.14
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:26:33.193376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:41:14.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.14",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor \u2013 Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T06:42:55.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1bb2b06-9a3b-4428-8624-26a1202fe3b0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/24.12.93/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L353"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.35/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L160"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u2013 Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8489",
"datePublished": "2025-10-31T06:42:55.486Z",
"dateReserved": "2025-08-01T21:12:39.827Z",
"dateUpdated": "2025-12-01T22:41:14.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13535 (GCVE-0-2025-13535)
Vulnerability from nvd – Published: 2026-04-01 14:37 – Updated: 2026-04-08 17:10
VLAI
Title
King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets
Summary
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. The plugin uses esc_attr() and esc_url() within JavaScript inline event handlers (onclick attributes), which allows HTML entities to be decoded by the DOM, enabling attackers to break out of the JavaScript context. Additionally, several JavaScript files use unsafe DOM manipulation methods (template literals, .html(), and window.location.href with unvalidated URLs) with user-controlled data. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via Elementor widget settings that execute when a user accesses the injected page or when an administrator previews the page in Elementor's editor. The vulnerability was partially patched in version 5.1.51.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
11 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder |
Affected:
0 , ≤ 51.1.53
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:03:46.391810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:03:57.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.53",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. The plugin uses esc_attr() and esc_url() within JavaScript inline event handlers (onclick attributes), which allows HTML entities to be decoded by the DOM, enabling attackers to break out of the JavaScript context. Additionally, several JavaScript files use unsafe DOM manipulation methods (template literals, .html(), and window.location.href with unvalidated URLs) with user-controlled data. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via Elementor widget settings that execute when a user accesses the injected page or when an administrator previews the page in Elementor\u0027s editor. The vulnerability was partially patched in version 5.1.51."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:10:07.525Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/95d3e76c-612d-436c-9d32-6228d7dcbf35?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/assets/libraries/lightgallery/lightgallery.js"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Video_Popup/Video_Popup.php#L813"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Off_Canvas_Content/Off_Canvas_Content.php#L629"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Popup/Popup.php#L708"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/features/Wrapper_Link/Wrapper_Link.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Pricing_Calculator/Pricing_Calculator.php#L1896"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Countdown/script.js#L119"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Image_Accordion/script.js#L141"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438067/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3441952/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-31T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u003c= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13535",
"datePublished": "2026-04-01T14:37:34.473Z",
"dateReserved": "2025-11-21T23:23:33.043Z",
"dateUpdated": "2026-04-08T17:10:07.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13997 (GCVE-0-2025-13997)
Vulnerability from nvd – Published: 2026-03-23 06:41 – Updated: 2026-04-08 17:02
VLAI
Title
King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
Summary
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets.
This vulnerability requires the Premium license to be installed
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder |
Affected:
0 , ≤ 51.1.49
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T11:35:36.235773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T11:35:45.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.49",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ulyses Saicha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor \u2013 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site\u0027s Mailchimp, Facebook and Google API keys and secrets.\r\nThis vulnerability requires the Premium license to be installed"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:09.847Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7955b162-ed0f-4455-a429-ed292771c701?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Login_Register_Form/Login_Register_Form.php#L3065"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-20T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-03-22T18:29:11.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u003c= 51.1.49 - Unauthenticated API Keys Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13997",
"datePublished": "2026-03-23T06:41:08.390Z",
"dateReserved": "2025-12-03T22:19:22.746Z",
"dateUpdated": "2026-04-08T17:02:09.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7960 (GCVE-0-2025-7960)
Vulnerability from nvd – Published: 2025-12-13 08:21 – Updated: 2026-04-08 16:54
VLAI
Title
King Addons for Elementor <= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Summary
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder |
Affected:
0 , ≤ 51.1.39
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T15:42:56.499454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:46:37.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.39",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "D.Sim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:54:24.380Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57865837-470e-4afd-bb90-d203a78a210b?source=cve"
},
{
"url": "https://wordpress.org/plugins/king-addons/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u003c= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7960",
"datePublished": "2025-12-13T08:21:13.187Z",
"dateReserved": "2025-07-21T14:56:56.963Z",
"dateUpdated": "2026-04-08T16:54:24.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8489 (GCVE-0-2025-8489)
Vulnerability from nvd – Published: 2025-10-31 06:42 – Updated: 2025-12-01 22:41
VLAI
Title
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
Summary
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kingaddons | King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor |
Affected:
* , ≤ 51.1.14
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:26:33.193376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:41:14.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "King Addons for Elementor \u2013 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor",
"vendor": "kingaddons",
"versions": [
{
"lessThanOrEqual": "51.1.14",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The King Addons for Elementor \u2013 Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T06:42:55.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1bb2b06-9a3b-4428-8624-26a1202fe3b0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/24.12.93/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L353"
},
{
"url": "https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.35/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L160"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "King Addons for Elementor \u2013 Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8489",
"datePublished": "2025-10-31T06:42:55.486Z",
"dateReserved": "2025-08-01T21:12:39.827Z",
"dateUpdated": "2025-12-01T22:41:14.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}