What the vulnerability does
01Description
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
Explanation of Vulnerability in Simple Terms
King Addons for Elementor versions up to 51.1.62 contain a stored cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in the browsers of other site visitors, including administrators. The vulnerability requires user interaction to trigger. Scope is changed, meaning the impact extends beyond the vulnerable component itself.
What an attacker can do
Inject malicious scripts that run in other users' browsers when they view affected pages.
Potential impact on your site
Attackers with low-privilege accounts can steal admin session tokens, modify site content, or redirect visitors to malicious sites.
Conditions required to exploit
Attacker must have a low-privilege user account and trick a victim into visiting a page containing the malicious payload.
Key dates
External resources
Related vulnerabilities