2 matches found
CVE-2021-24258 ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS
The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
CVE-2021-24258
Summary (CVE-2021-24258): The WordPress plugins Elements Kit Lite and Elements Kit Pro (before 2.2.0) expose stored XSS in multiple widgets. A lower-privileged user (e.g., contributor) can inject JavaScript via crafted save_builder requests into post content, which is then executed when the post ...