GCVE - cpe:2.3:a:brainstormforce:ultimate_addons_for

Approved changes feed: RSS · Atom

cpe:2.3:a:brainstormforce:ultimate_addons_for_elementor:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Brainstormforce (`cbcfaca7-5435-578c-aa63-084725e31f3b`)
Product	Ultimate Addons For Elementor (`d744cd44-7a38-52d9-91a6-c49c4e40ca72`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-37455`	vulnerable	2026-06-03 14:56:06.694840	WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability HIGH (8.8) Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. Published: 2024-07-09T10:48:20.996Z Updated: 2026-04-28T16:09:59.237Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/ultimate-elementor/wordpress-ultimate-addons-for-elementor-plugin-1-36-31-privilege-escalation-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24271`	vulnerable	2026-06-03 14:43:56.680560	Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. Published: 2021-05-05T18:28:47.000Z Updated: 2024-08-03T19:28:22.719Z Open on db.gcve.eu Reference links https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/ https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13125`	vulnerable	2026-06-03 14:41:36.286902	Details available HIGH (7.2) An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. Published: 2020-05-17T00:39:00.000Z Updated: 2024-08-04T12:11:19.263Z Open on db.gcve.eu Reference links https://wpvulndb.com/vulnerabilities/10214 https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Ultimate Addons For Elementor

PURL mappings

Vulnerability references

Contribute