2 matches found
CVE-2021-24264
The CVE concerns the WordPress plugin Image Hover Effects – Elementor Addon (before 1.3.4). A widget vulnerability enables stored XSS by low-privileges (e.g., contributors) via the eihe_tag parameter, where saving with a crafted value (including JavaScript) leads to code execution when the page i...
CVE-2021-24264 Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS
The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...