2 matches found
CVE-2021-24255 Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)
The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, both via a similar method...
CVE-2021-24255
CVE-2021-24255 affects the WordPress plugin Essential Addons for Elementor Lite prior to version 4.5.4. The issue is a stored XSS in two widgets (as described in public CVE sources): input fields used by lower-privileged users (e.g., contributors) are not properly sanitized, allowing injected Jav...