Medium 6.4
2025-12-13< 2.5.7
All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets
All-in-One Addons for Elementor – WidgetKit
Minimum safe version
2.5.7
Update to 2.5.7 or later to address 9 fixable vulnerabilities
Latest available2.5.9 ✓⚠ 2 vulnerabilities have no fix
Medium 6.4
2025-07-02< 2.5.5
All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget
Medium 6.5
2025-06-06< 2.5.5
CVE-2025-49074
Medium 4.3 Unfixed
2025-03-08≤ 2.5.5
All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
Medium 5.4
2024-07-22< 2.5.1
CVE-2024-37428
Medium 6.5
2024-05-08< 2.5.0
CVE-2024-34548
Medium 5.3
2024-05-06< 2.5.5
CVE-2024-33908
Medium 5.4 Unfixed
2024-04-15≤ 2.5.1
WordPress WidgetKit Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Medium 4.8
2023-12-06< 2.4.4
WordPress WidgetKit Plugin < 2.4.4 is vulnerable to Cross Site Scripting (XSS)
N/A
2021-04-13< 2.3.10
WordPress WidgetKit plugin <= 2.3.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Medium 5.4
2021-05-05< 2.3.10
CVE-2021-24267