Khalid

**Name of the Vulnerable Software and Affected Versions** Card Elements for Elementor versions 1.2.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.2.2 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xpro Elementor Addons versions 1.4.4.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.4.4.2 and earlier, update to a version later than 1.4.4.2 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Iqonic Design Graphina versions 1.8.10 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For Iqonic Design Graphina versions 1.8.10 and earlier, update to a version later than 1.8.10 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ultimate Addons for Beaver Builder – Lite versions 1.5.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS. **Recommendations** For Ultimate Addons for Beaver Builder – Lite versions 1.5.9 and earlier, update to a version later than 1.5.9 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LA-Studio Element Kit for Elementor versions 1.3.9.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For LA-Studio Element Kit for Elementor versions 1.3.9.2 and earlier, update to a version later than 1.3.9.2 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Extensions for Elementor versions 2.0.31 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.0.31 and earlier, update to a version later than 2.0.31 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Blogmentor – Blog Layouts for Elementor versions n/a through 1.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can be exploited. **Recommendations** For versions n/a through 1.5, as a temporary workaround, consider disabling any features that allow user input in web page generation until a patch is available. Restrict access to sensitive areas of the Blogmentor – Blog Layouts for Elementor to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Post Author versions 3.6.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 3.6.7 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ninja Beaver Add-ons for Beaver Builder versions through 2.4.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions through 2.4.5, update to a version later than 2.4.5 to resolve the issue. As a temporary workaround, consider restricting user input in web page generation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sky Addons for Elementor versions 2.5.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.5.5 and earlier, update to a version later than 2.5.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EazyDocs versions prior to 2.5.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** clicklabs Medienagentur Download Button for Elementor versions 1.2.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For clicklabs Medienagentur Download Button for Elementor versions 1.2.1 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Codeless Cowidgets – Elementor Addons versions 1.1.1 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in Codeless Cowidgets – Elementor Addons. This vulnerability allows Path Traversal. **Recommendations** For versions 1.1.1 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elementor Addons, Widgets and Enhancements – Stax versions 1.4.4.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can be exploited by attackers. **Recommendations** For versions 1.4.4.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Image Hover Effects - Caption Hover with Carousel versions 3.0.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 3.0.2 and earlier, update to a version later than 3.0.2 to resolve the issue. As a temporary workaround, consider disabling any features that allow user input to be displayed on web pages until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UltraAddons Elementor Lite versions through 1.1.6 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions through 1.1.6, update to a version later than 1.1.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Master Addons for Elementor versions 2.0.5.4.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the Jewel Theme Master Addons for Elementor. **Recommendations** For Master Addons for Elementor versions 2.0.5.4.1 and earlier, update to a version later than 2.0.5.4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Awesome Support versions 6.1.7 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Awesome Support Team Awesome Support. **Recommendations** For versions 6.1.7 and earlier, update to a version later than 6.1.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Testimonial Carousel For Elementor versions n/a through 10.1.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 10.1.1, update to a version later than 10.1.1 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Master Addons for Elementor versions 2.0.5.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Master Addons for Elementor versions 2.0.5.9 and earlier, update to a version later than 2.0.5.9 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.