Name of the Vulnerable Software and Affected Versions:

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce versions prior to 6.3.10

Description:

The plugin is susceptible to Stored Cross-Site Scripting through the `custom script` parameter. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.

Recommendations:

Update The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce to version 6.3.10 or later.