CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34012 – WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34012
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions. The Premium Addons PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.8.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-8-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24257 – Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24257
The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. El Plugin de WordPress "Premium Addons for Elementor" versiones anteriores a 4.2.8, presenta varios widgets que son vulnerables a un ataque de tipo Cross-Site Scripting (XSS) almacenado por usuarios con menos privilegios, como los contribuyentes, todo por medio de un método similar • https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25 https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •