GCVE - cpe:2.3:a:staxwp:stax:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:staxwp:stax:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Staxwp (`669ecf3f-4731-51b5-a01f-e352f9485dad`)
Product	Stax (`b587fd5a-8d03-5710-bcd2-8a3158cf5f78`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-37541`	vulnerable	2026-06-08 06:39:47.892276	WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax stax-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through <= 1.5.0. Published: 2024-07-06T12:33:06.089Z Updated: 2026-04-28T16:10:00.821Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/stax-addons-for-elementor/vulnerability/wordpress-elementor-addons-widgets-and-enhancements-stax-plugin-1-4-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2189`	vulnerable	2026-06-08 06:02:41.585805	Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget MEDIUM (4.3) The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. Published: 2023-06-09T05:33:24.777Z Updated: 2026-04-08T17:09:25.355Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/926550bb-265d-4811-a375-10c47e9fb4d6?source=cve https://plugins.trac.wordpress.org/browser/stax-addons-for-elementor/trunk/core/admin/pages/Widgets.php#L31 https://plugins.trac.wordpress.org/changeset/2934787/stax-addons-for-elementor	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1807`	vulnerable	2026-06-08 05:52:37.075808	Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget MEDIUM (4.3) The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-06-09T05:33:31.920Z Updated: 2026-04-08T17:19:49.071Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/c12094bd-aa23-4f9b-92e1-d1d4284fb2a0?source=cve https://plugins.trac.wordpress.org/browser/stax-addons-for-elementor/trunk/core/admin/pages/Widgets.php#L31 https://plugins.trac.wordpress.org/changeset/2934787/stax-addons-for-elementor	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.