Vulnerabilities > CVE-2021-24255 - Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method.
Vulnerable Configurations
References
- https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da
- https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da
- https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/
- https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/