4 matches found
CVE-2025-4943
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-4943
creationtimestamp| type| source ---|---|--- 2025-05-30 08:07:30+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqerjzcbzwe2...
CVE-2025-4943
The CVE-2025-4943 entry concerns the LA-Studio Element Kit for Elementor WordPress plugin. It describes a Stored Cross-Site Scripting (XSS) vulnerability via the data-lakit-element-link parameter present in all versions up to and including 1.5.2, caused by insufficient input sanitization and outp...
CVE-2025-4943 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...