PT-2026-36610 · WordPress · Premium Addons For Elementor
Fernando Mecozzi
·
Published
2026-05-02
·
Updated
2026-05-02
·
CVE-2026-4790
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Premium Addons for Elementor versions prior to 4.11.71
Description
Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access and above can inject arbitrary web scripts into pages via the
custom svg parameter. These scripts execute whenever a user accesses the affected page.Recommendations
Update to a version later than 4.11.70.
As a temporary workaround, restrict access to the
custom svg parameter to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Premium Addons For Elementor