CVE-2021-24261

Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons for Elementor Page Builder versions prior to 1.5.7

Description The issue concerns stored Cross-Site Scripting (XSS) in several widgets of the plugin, which can be exploited by lower-privileged users, such as contributors. The exploitation occurs via a similar method in the affected widgets.

Recommendations For versions prior to 1.5.7, update to version 1.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable widgets to prevent exploitation by lower-privileged users.