PT-2026-2195 · WordPress · Pencilwp X Addons For Elementor
Abu Hurayra
·
Published
2026-01-08
·
Updated
2026-01-09
·
CVE-2026-22518
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
pencilwp X Addons for Elementor versions through 1.0.23
Description
An issue exists in pencilwp X Addons for Elementor that allows for DOM-Based Cross-site Scripting (XSS). This is due to improper neutralization of input during web page generation. The issue allows an attacker to inject malicious scripts into web pages, potentially compromising user data or system security. The vulnerable component allows for the execution of arbitrary JavaScript code within the context of the user's browser.
Recommendations
Update pencilwp X Addons for Elementor to a version later than 1.0.23.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pencilwp X Addons For Elementor