CVE-2021-24270

Name of the Vulnerable Software and Affected Versions DeTheme Kit for Elementor version 1.5.5.5 and earlier

Description The issue concerns a stored Cross-Site Scripting (XSS) vulnerability in a widget of the DeTheme Kit for Elementor WordPress Plugin. This vulnerability can be exploited by lower-privileged users, such as contributors. The exploitation method is similar in nature.

Recommendations For DeTheme Kit for Elementor versions prior to 1.5.5.5, update to version 1.5.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable widget to minimize the risk of exploitation.