Cross-Site Scripting Vulnerability in The Plus Addons for Elementor Page Builder Lite by POSIMYTH
CVE-2024-23511

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
The Plus Addons For Elementor Page Builder Lite
Vendor
CVE Published:
5 January 2026

What is CVE-2024-23511?

A vulnerability exists in The Plus Addons for Elementor Page Builder Lite, allowing an attacker to exploit improper input neutralization during web page generation, which can lead to DOM-based Cross-Site Scripting (XSS) attacks. This issue permits malicious actors to inject and execute scripts in users' browsers, compromising the security of web applications that utilize this plugin. It affects all versions of the plugin prior to 5.3.3, posing a significant risk to the integrity of user data and interactions within affected WordPress sites.

Affected Version(s)

The Plus Addons for Elementor Page Builder Lite <= 5.3.3

References

https://vdp.patchstack.com/database/wordpress/plugin/the-...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abu Hurayra | Patchstack Bug Bounty Program
JSON
.
CVE-2024-23511 : Cross-Site Scripting Vulnerability in The Plus Addons for Elementor Page Builder Lite by POSIMYTH