CVE-2021-24255: Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)
First published: Wed May 05 2021(Updated: )
The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpdeveloper Essential Addons For Elementor | <4.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-24255.
What is the severity level of CVE-2021-24255?
CVE-2021-24255 has a severity level of medium.
Which plugin version of Essential Addons for Elementor Lite is affected?
The vulnerability affects Essential Addons for Elementor Lite WordPress Plugin versions up to 4.5.4.
Who can exploit the stored Cross-Site Scripting (XSS) vulnerability in this plugin?
Lower-privileged users such as contributors can exploit the stored Cross-Site Scripting (XSS) vulnerability in this plugin.
Where can I find more information about CVE-2021-24255?
You can find more information about CVE-2021-24255 at the following references: [link1](https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da), [link2](https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/).
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/wpdeveloper
- canonical/wpdeveloper essential addons for elementor