CVE-2021-24257

Name of the Vulnerable Software and Affected Versions Premium Addons for Elementor versions prior to 4.2.8

Description The issue concerns stored Cross-Site Scripting (XSS) in several widgets of the plugin, which can be exploited by lower-privileged users such as contributors. The exploitation occurs via a similar method across the affected widgets.

Recommendations For versions prior to 4.2.8, update to version 4.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable widgets to prevent exploitation by lower-privileged users.