Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor by Tim Strifler
CVE-2026-57620

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Exclusive Addons Elementor
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-57620?

The Exclusive Addons for Elementor plugin by Tim Strifler is susceptible to a Stored Cross-Site Scripting vulnerability. This occurs due to inadequate input sanitization during web page generation, allowing an attacker to inject malicious scripts that can be executed in the browser of users visiting affected pages. This vulnerability affects versions of the plugin up to 2.7.9.8, potentially leading to unauthorized actions and data theft. Users are advised to update to patched versions to mitigate this risk.

Affected Version(s)

Exclusive Addons Elementor <= 2.7.9.8

References

https://patchstack.com/database/wordpress/plugin/exclusiv...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 25, 2026

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program

CVE-2026-57620 Data

JSON