Stored Cross-Site Scripting Vulnerability in Premium Addons for Elementor Plugin
CVE-2024-6495
5.4MEDIUM
What is CVE-2024-6495?
The Premium Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities stemming from inadequate input sanitization and output escaping on user-supplied attributes in its Animated Text widget. This flaw permits authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. When users access these modified pages, the injected scripts execute, potentially leading to unauthorized actions or data exposure.