Randomroot

**Name of the Vulnerable Software and Affected Versions** The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.4.3 **Description** The issue is related to Stored Cross-Site Scripting via the `arrow` parameter within the Post Grid widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.4.4.3, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Post Grid widget or disabling the `arrow` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.10 **Description** The issue is related to Stored Cross-Site Scripting via the PDF Widget URL due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.9.10, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the PDF Widget URL to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Brizy – Page Builder plugin for WordPress versions prior to 2.4.44 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL due to insufficient input sanitization and output escaping on user-supplied error messages. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions prior to 2.4.44, update to version 2.4.44 or later to resolve the issue. As a temporary workaround, consider restricting contributor-level and above permissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPB Elementor Addons plugin for WordPress versions up to, and including, 1.0.9 **Description** The issue is related to Stored Cross-Site Scripting via the output of 'tags' added to widgets due to insufficient input sanitization and output escaping on user-supplied tag attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.9, update to a version higher than 1.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the widget functionality that allows adding 'tags' to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.0 **Description** The issue is related to Stored Cross-Site Scripting via the `tab link` attribute of the Panel Slider widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.6.0, update to a version later than 5.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the Panel Slider widget to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the `carousel skin` attribute of the Posts Carousel widget. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 8.3.4, update to a version higher than 8.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the Posts Carousel widget for users with contributor-level access and above until a patch is available. Avoid using the `carousel skin` attribute in the Posts Carousel widget until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.3 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Photo Stack Widget due to insufficient input sanitization and output escaping on user supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.10.3, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Photo Stack Widget for users with contributor-level and above permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.4 **Description** The issue is related to Stored Cross-Site Scripting via the blog post read more button due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.0.4, update to a version higher than 3.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the blog post read more button feature until a patch is available. Additionally, restrict contributor access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 **Description** The issue is related to Stored Cross-Site Scripting via the `image URL` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.7.4.2, update to a version higher than 2.7.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the `image URL` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 **Description** The issue is related to Stored Cross-Site Scripting via the `link url` parameter in the audio widget, caused by insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 2.7.4.2, update to a version higher than 2.7.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the audio widget or disabling the `link url` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.30 **Description** The issue is related to Stored Cross-Site Scripting via the Pricing Table widget in the `$settings['title tags']` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.10.30, update to a version higher than 2.10.30 to resolve the issue. As a temporary workaround, consider restricting access to the Pricing Table widget for users with contributor access or above until a patch is available. Avoid using the `$settings['title tags']` parameter in the Pricing Table widget until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.13.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the `settings['title tags']` attribute of the Mercury widget. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 3.13.2, update to a version that addresses the insufficient input sanitization and output escaping issue in the `settings['title tags']` attribute of the Mercury widget. As a temporary workaround, consider restricting access to the Mercury widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 **Description** The issue is related to Stored Cross-Site Scripting via the `button1 icon` attribute of the Dual Button widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.12.12, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Dual Button widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9 **Description** The issue is related to Stored Cross-Site Scripting via the Countdown Timer widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.6.9, update to a version higher than 2.6.9 to resolve the issue. As a temporary workaround, consider restricting access to the Countdown Timer widget to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeMirror Blocks plugin for WordPress versions up to, and including, 1.2.4 **Description** The issue is related to Stored Cross-Site Scripting via the Code Mirror block due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.4, update to a version higher than 1.2.4 to resolve the issue. As a temporary workaround, consider restricting access to the Code Mirror block to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.2 **Description** The issue is related to insufficient input sanitization and output escaping, allowing for Stored Cross-Site Scripting via HTML Tag attributes. This enables authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.6.2, update to a version that includes the necessary security patches to address the insufficient input sanitization and output escaping. As a temporary workaround, consider restricting access to the HTML Tag attributes feature until a patch is available. Restrict permissions for contributors and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.8 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the Content Ticker arrow attribute. This allows authenticated attackers with contributor access or above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 5.9.8, update to a version higher than 5.9.8 to resolve the issue. As a temporary workaround, consider restricting contributor access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's shortcode(s) due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.8.0, update to a version later than 4.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's shortcode(s) to minimize the risk of exploitation. Additionally, restrict permissions to prevent authenticated attackers with contributor-level and above permissions from injecting arbitrary web scripts.