CVE-2021-24257

CVE-2021-24257: Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product Premium Addons for Elementor

Weakness CWE-79 · XSS

Published May 5, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Key dates

02Disclosure timeline

May 5, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24257

Related vulnerabilities

04Related CVE

CVE-2024-1393 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget CVE-2020-11064 Cross-Site Scripting in TYPO3 CMS CVE-2025-13183 Stored XSS in Hotech's Otello CVE-2023-34375 WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) CVE-2023-4423 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting