CVE-2026-4655

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

CVE-2026-4655

The CVE concerns the WordPress plugin Element Pack Addons for Elementor (SVG Image Widget) up to version 8.4.2. Root cause: render_svg() fetches SVG content from remote URLs using wp_safe_remote_get() and echoes it without proper sanitization beyond a regex that only adds attributes to the SVG ta...

CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

WordPress Element Pack Addons for Elementor plugin <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SVG Image Widget vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 8.4.2...