João Pedro Soares De Alcântara

**Name of the Vulnerable Software and Affected Versions** The Plus Addons for Elementor versions prior to 6.4.16 **Description** The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. The issue exists in the Carousel Anything widget due to insufficient output escaping within the `render()` function. Specifically, the `carousel direction` parameter is placed into an unquoted HTML attribute (`dir=`), which allows attribute injection even when `esc attr()` is used. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages that execute when accessed by other users. **Recommendations** Update to a version later than 6.4.15. As a temporary workaround, restrict access to the Carousel Anything widget or avoid using the `carousel direction` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The7 theme for WordPress versions prior to 14.3.3 **Description** Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping on the `title` component of the `link` shortcode parameter within the 'dt default button' shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which execute when a user visits the affected page. **Recommendations** Update to a version later than 14.3.2. As a temporary workaround, restrict the use of the 'dt default button' shortcode for users with Contributor-level access.

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.2 Description: The issue is related to Stored Cross-Site Scripting via the `video date` attribute within the plugin's Video widget due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 5.6.2, update to a version later than 5.6.2 to resolve the issue. As a temporary workaround, consider restricting access to the Video widget until a patch is available. Avoid using the `video date` attribute in the affected Video widget until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer plugin for WordPress versions up to, and including, 7.7 Description: The issue allows authenticated attackers with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server via the `layout name` parameter. This enables the execution of any PHP code in those files, which can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Recommendations: For versions up to, and including, 7.7, consider disabling the `layout name` parameter until a patch is available to prevent the inclusion and execution of arbitrary files. Restrict access to file uploads and execution to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WPBakery Visual Composer plugin for WordPress versions up to, and including, 7.7 Description: The issue is related to Stored Cross-Site Scripting via the `link` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above, and with post permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 7.7, consider disabling the `link` parameter in the WPBakery Visual Composer plugin until a patch is available to prevent exploitation. Restrict access to pages that may have been injected with malicious scripts to minimize the risk of execution.

**Name of the Vulnerable Software and Affected Versions** The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.5 **Description** The issue is related to Stored Cross-Site Scripting via the `social-link-title` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.6.5, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `social-link-title` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Blocks – WordPress Blocks Plugin versions up to, and including, 3.1.9 **Description** The issue is related to Stored Cross-Site Scripting via the `title` tag parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 3.1.9, update to a version higher than 3.1.9 to resolve the issue. As a temporary workaround, consider restricting access to the title tag parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.5.5 **Description** The issue is related to Stored Cross-Site Scripting via the Video player widget settings due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.5.5, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Video player widget settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.2.80, update the plugin to a version that includes the necessary security patches to address the insufficient input sanitization and output escaping. As a temporary workaround, consider restricting contributor access and above to minimize the risk of exploitation. Monitor for patches and apply them as soon as they become available to ensure the security of the WordPress installation.

**Name of the Vulnerable Software and Affected Versions** The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.12 **Description** The issue is related to Stored Cross-Site Scripting via the `tagName` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.5.12, update to a version higher than 4.5.12 to resolve the issue. As a temporary workaround, consider restricting access to the `tagName` parameter to minimize the risk of exploitation. Additionally, restrict contributor-level permissions to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.9 **Description** The issue is related to Stored Cross-Site Scripting via the Image Grid widget's attributes due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.4.9, update to a version higher than 2.4.9 to resolve the issue. As a temporary workaround, consider restricting access to the Image Grid widget's attributes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.96 **Description** The issue is related to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags due to insufficient input sanitization and output escaping on user supplied attributes, such as `HTML tags`. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.96, update to a version higher than 1.3.96 to resolve the issue. As a temporary workaround, consider restricting access to the Image Grid & Advanced Text widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.9 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's "Social Icons" block due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.5.9, update to a version later than 4.5.9 to resolve the issue. As a temporary workaround, consider restricting access to the "Social Icons" block until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress versions up to, and including, 2.6.8 **Description** The issue is related to Stored Cross-Site Scripting via SVG file upload due to insufficient input sanitization and output escaping. This allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.6.8, update to a version higher than 2.6.8 to resolve the issue. As a temporary workaround, consider restricting access to the SVG file upload feature to minimize the risk of exploitation. Additionally, restrict access to pages that may have been injected with malicious scripts to prevent their execution.

**Name of the Vulnerable Software and Affected Versions** The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's "Separator" element due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.8.8, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the "Separator" element for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 **Description** The issue is related to Stored Cross-Site Scripting via HTML Tags due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.8.8, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 **Description** The issue is related to Stored Cross-Site Scripting via the 'Price List' element due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.8.8, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the 'Price List' element for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's AI features due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.8.8, update to a version higher than 4.8.8 to resolve the issue. As a temporary workaround, consider restricting access to the AI features of the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.16 **Description** The issue is related to Stored Cross-Site Scripting via the widget button URL due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.16, update to a version higher than 1.0.16 to resolve the issue. As a temporary workaround, consider restricting access to the widget button URL to minimize the risk of exploitation. Additionally, limiting contributor-level access and above can help reduce the attack surface until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.4 **Description** The issue is related to Stored Cross-Site Scripting via the Post Title HTML Tag due to insufficient input sanitization and output escaping on user supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.10.4, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Post Title HTML Tag feature until a patch is available.