CVE-2021-24257: Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
First published: Wed May 05 2021(Updated: )
The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Leap13 Premium Addons For Elementor | <4.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-24257.
What is the affected software of this vulnerability?
The affected software of this vulnerability is the 'Premium Addons for Elementor' WordPress Plugin before version 4.2.8.
What is the severity of CVE-2021-24257?
The severity of CVE-2021-24257 is medium with a severity value of 5.4.
What is the main risk of this vulnerability?
The main risk of this vulnerability is stored Cross-Site Scripting (XSS) attacks by lower-privileged users.
How can I fix CVE-2021-24257?
To fix CVE-2021-24257, update the 'Premium Addons for Elementor' WordPress Plugin to version 4.2.8 or higher.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/leap13
- canonical/leap13 premium addons for elementor