2 matches found
CVE-2026-5159
creationtimestamp| type| source ---|---|--- 2026-05-05 06:48:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml3lr4hz2p2h 2026-05-05 18:14:51+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3ml4s4z77en2l...
CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...