PT-2026-24200 · Elementor+1 · Elementor+1

Athiwat Tiprasaharn

Publicado

2026-03-10

Atualizado

2026-03-10

CVE-2026-2724

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Unlimited Elements for Elementor plugin for WordPress versions prior to 2.0.6

Description The Unlimited Elements for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the form entry fields. This is caused by inadequate input sanitization and output escaping of form submission data when displayed in the admin Form Entries Trash view. This allows unauthenticated attackers to inject arbitrary web scripts that will execute when an administrator views the trashed form entries.

Recommendations Update the Unlimited Elements for Elementor plugin to version 2.0.6 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-2724

Produtos afetados

Elementor

Unlimited Elements For Elementor

PT-2026-24200 · Elementor+1 · Elementor+1

CVE-2026-2724

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11