CVE-2021-24255 – Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24255
The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method. El Plugin de WordPress Essential Addons for Elementor Lite versiones 4.5.4 presentan dos widgets que son vulnerables a un ataque de tipo Cross-Site Scripting (XSS) almacenado por parte de usuarios menos privilegiados, como contribuyentes, ambos por medio de un método similar • https://wpscan.com/vulnerability/7fb708da-e8c4-4455-b4f9-c4ad72f877da https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •