2 matches found
CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Royal Elementor Addons Plugin <= 1.3.974 is vulnerable to Cross Site Scripting (XSS)
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.974 Fixed in 1.3.975 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3887 Patch priority Low CVSS severity Low 6.5 Developer WProyal PSID d2ab33ccd3b4 Credits Tim Coen Ngô Thiên An...