Vulnerabilities > CVE-2021-24258 - Unspecified vulnerability in Wpmet Elements KIT Elementor Addons
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Vulnerable Configurations
References
- https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f
- https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f
- https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/
- https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/