What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Templates – Elementor & Gutenberg templates skt-templates allows Reflected XSS.This issue affects SKT Templates – Elementor & Gutenberg templates: from n/a through <= 6.14.
Explanation of Vulnerability in Simple Terms
02Summary
SKT Templates for Elementor and Gutenberg contains a cross-site scripting (XSS) vulnerability in versions up to 6.14. An attacker can inject malicious scripts that execute in a visitor's browser when they view a page containing the vulnerable template. The vulnerability requires user interaction—the victim must visit a crafted page—but can affect multiple users and compromise site security.
What an attacker can do
03Attacker Capabilities
Inject malicious JavaScript that runs in visitors' browsers, stealing cookies, session tokens, or redirecting users.
Potential impact on your site
04Site Impact
Visitors to your site could be redirected, have credentials stolen, or see defaced content without your knowledge.
Conditions required to exploit
05Prerequisites
No authentication required. Victim must visit a page containing the malicious template code.
Key dates
06Disclosure timeline
September 17, 2024
CVE published
May 12, 2026
Record updated