The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce

Vulnerabilities 37Slug the-plus-addons-for-elementor-page-builderLatest version 6.4.14WordPress.org →

Minimum safe version

6.4.10

Update to 6.4.10 or later to address 37 fixable vulnerabilities

Latest available6.4.14 ✓

N/A

2026-02-18< 6.4.8

The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type'

Wordfence CVE

N/A

2026-02-21< 6.4.8

The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay

Wordfence CVE

N/A

2026-04-07< 6.4.10

The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar

Wordfence CVE

Medium 6.8

2025-10-13< 6.3.16

The Plus Addons for Elementor <= 6.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

EUVD Wordfence CVE

Medium 6.5

2025-08-14< 6.3.14

CVE-2025-55712

CVE Wordfence EUVD

Medium 6.4

2025-08-01< 6.3.11

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 6.5

2025-06-06< 6.2.8

CVE-2025-49076

CVE EUVD Wordfence

Medium 6.4

2025-03-08< 6.2.3

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

EUVD Wordfence CVE

Medium 6.4

2025-02-01< 6.2.0

CVE-2024-11829

CVE EUVD Wordfence

Medium 6.5

2024-12-06< 6.0.1

CVE-2024-53823

CVE Wordfence Patchstack

Medium 4.3

2024-11-20< 6.0.4

CVE-2024-10365