CVE-2021-24351

CVE-2021-24351: The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown
Product The Plus Addons for Elementor Page Builder
Weakness CWE-79 · XSS
Published June 14, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)

Key dates

02Disclosure timeline

June 14, 2021 CVE published
August 3, 2024 Record updated