2 matches found
CVE-2024-4459
CVE-2024-4459 affects Themesflat Addons For Elementor for WordPress. The vulnerability is Stored Cross-Site Scripting via widget titles, present in all versions up to 2.1.1 according to the initial description, with supporting detail in Patchstack that versions
CVE-2024-4459 Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...