PT-2026-31081 · Elementor+1 · Elementor+1
Athiwat Tiprasaharn
+1
·
Published
2026-04-08
·
Updated
2026-04-13
·
CVE-2026-4341
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Prime Slider – Addons for Elementor plugin for WordPress versions up to and including 4.1.10
Description
The Prime Slider – Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping. The
render social link() function in modules/mount/widgets/mount.php outputs the follow us text Elementor widget setting using echo without any escaping function. The setting value is stored in elementor data post meta via update post meta. Authenticated attackers with Author-level access and above can inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.Recommendations
Update to a version later than 4.1.10.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elementor
The Prime Slider – Addons For Elementor