WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.A cross-site scripting vulnerability exists in the WordPress plugin PowerPack Addons for Elementor, which stems from the program not escaping tab parameters before exporting them back to the properties of the admin dashboard. An attacker could exploit the vulnerability to steal cookie-based authentication credentials.