CVE-2021-24262

Name of the Vulnerable Software and Affected Versions WooLentor – WooCommerce Elementor Addons + Builder versions prior to 1.8.6

Description The issue concerns a stored Cross-Site Scripting (XSS) vulnerability in a widget of the plugin, which can be exploited by lower-privileged users, such as contributors. This vulnerability allows for malicious script execution.

Recommendations For versions prior to 1.8.6, update to version 1.8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable widget to prevent exploitation by lower-privileged users.