LA-Studio Element Kit for Elementor

LA-Studio Element Kit for Elementor

lastudio-element-kit
WordPress Plugin DirectoryWordPress Plugin Directory
WordPress Pluginwordpress.org
la-studioweb.comla-studioweb.com
Releases30
Frequency2 months 5 days
Last Release
Downloads221K

LA-Studio Kit is an ultimate All in one addons for Elementor Page Builder, it will help you create a perfect website using Elementor.

KEY FEATURES

  • Header Footer Builder
  • Theme Builder
  • Archive Page Builder
  • Search Result Page Builder
  • 50+ Free Widgets
  • 35+ Ready Pages
  • 50+ Ready Sections
  • WooCommerce Widgets
  • Cross-Browser Compatible
  • Fully Responsive
  • Expert Support Team
  • Build with Elementor
  • and more …

SUPPORT

Found issue or new features? Contact our team from here.

Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2025-4944
6.4 MEDIUM

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-4943
6.4 MEDIUM

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-3106
6.4 MEDIUM

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.