Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor by WordPress
CVE-2026-6459
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 8 July 2026
What is CVE-2026-6459?
The Essential Addons for Elementor plugin, utilized for enhancing Elementor templates and widgets, is susceptible to a Stored Cross-Site Scripting issue. This vulnerability arises from a lack of adequate input sanitization and output escaping of event titles from The Events Calendar. Authenticated attackers with Author-level permissions or greater can exploit this flaw to inject malicious scripts into web pages. These scripts will execute whenever users visit the affected pages, posing significant risks to site integrity and user security.
Affected Version(s)
Essential Addons for Elementor β Popular Elementor Templates & Widgets 0 <= 6.6.2