86 matches found
CVE-2021-24267
The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
Cross site scripting
The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
CVE-2021-24267
The WordPress plugin All-in-One Addons for Elementor – WidgetKit (before 2.3.10) contains stored XSS in multiple widgets. Root cause: input parameters such as custom_header_tag and post_header_tag (and similar heading_tag) are not properly filtered/escaped, allowing JavaScript to be saved via a s...
CVE-2021-24267 All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS
The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS
The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. The “Content Carousel” widget accepts “custom_header_tag” and...
WordPress WidgetKit plugin <= 2.3.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by WordFence in WordPress WidgetKit plugin versions <= 2.3.9. Solution: Update the WordPress WidgetKit plugin to the latest available version (at least 2.3.10)...