CVE-2021-24205
The CVE applies to the Elementor Website Builder WordPress plugin (before 3.1.4). The icon box widget’s title_size parameter can be exploited by a user with Contributor+ permissions via a modified save_builder request, enabling stored XSS because the JavaScript is not filtered/escaped and execute...