WordPress Essential Addons for Elementor plugin <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute vulnerability

Authenticated Contributor+ Store Cross-Site Scripting via Widget URL Attribute vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Essential Addons for Elementor versions = 5.9.14...

CVE-2024-3266

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...