Elements kit Elementor addons

Roxnor

Developer

3.7.5

Latest version

1,000,000

Installations

Oct 28, 2025

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

20 fixed

2 Mitigation rules

Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget vulnerability
<= 3.5.2
Jun 19, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.4.7
Mar 29, 2025
Unauthenticated Information Exposure via get_megamenu_content Function vulnerability
<= 3.4.0
Feb 19, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
<= 3.4.0
Feb 14, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.2.9
Oct 25, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget vulnerability
<= 3.2.7
Sep 25, 2024
Unauthenticated Information Exposure via ekit_widgetarea_content Function vulnerability
<= 3.2.0
Jul 18, 2024
Unauthenticated Broken Access Control vulnerability
<= 3.1.4
Jun 27, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
<= 3.1.2
May 1, 2024
Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module vulnerability
<= 3.1.0
Apr 24, 2024
Cross Site Scripting (XSS) vulnerability
<= 3.0.6
Apr 15, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
<= 3.0.7
Apr 4, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.0.6
Apr 1, 2024
Authenticated (Contributor+) Local File Inclusion in render_raw vulnerability
<= 3.0.6
Apr 1, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
<= 3.0.5
Mar 18, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.0.4
Mar 18, 2024
Authenticated(Editor+) Stored Cross-Site Scripting vulnerability
<= 3.0.3
Mar 18, 2024
Unauthenticated Sensitive Information Exposure vulnerability
<= 3.0.3
Jan 8, 2024
Broken Access Control vulnerability
<= 2.9.0
Aug 23, 2023
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 2.1.7
Apr 13, 2021