Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor by WordPress
CVE-2026-6459

6.4MEDIUM

What is CVE-2026-6459?

The Essential Addons for Elementor plugin, utilized for enhancing Elementor templates and widgets, is susceptible to a Stored Cross-Site Scripting issue. This vulnerability arises from a lack of adequate input sanitization and output escaping of event titles from The Events Calendar. Authenticated attackers with Author-level permissions or greater can exploit this flaw to inject malicious scripts into web pages. These scripts will execute whenever users visit the affected pages, posing significant risks to site integrity and user security.

Affected Version(s)

Essential Addons for Elementor – Popular Elementor Templates & Widgets 0 <= 6.6.2

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitrii Ignatyev
.