2024-11-19
Platform: WordPress
Version: Royal Elementor Addons and Templates plugin versions up to 1.7.1001
Vulnerability: Stored Cross-Site Scripting (XSS)
Severity: Medium
Date: November 13, 2024 (published by NIST)
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored XSS due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin’s Form Builder widget. This allows attackers with contributor-level access or higher to inject malicious scripts into pages accessible by users. When a user visits such a page, the injected script executes in that user’s browser, potentially compromising the user’s experience or stealing their data.
What Undercode Says:
This vulnerability affects websites using the Royal Elementor Addons and Templates plugin version 1.7.1001 or earlier.
Attackers with contributor privileges or higher can exploit this vulnerability.
Update the Royal Elementor Addons and Templates plugin to the latest version to fix the vulnerability.
If updating is not immediately possible, consider additional security measures to mitigate the risk.
Note: Undercode is a fictional organization and the advice provided is general. Always consult with a security professional for specific recommendations.
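To find installations that still need the update, the following added example (not code from Undercode, NIST or the plugin's authors) scans a WordPress plugins directory and flags any copy at or below 1.7.1001 by reading the standard `Plugin Name` and `Version` header fields. The `NAME_HINT` match string and all function names are assumptions made for this example.

```python
import re
from pathlib import Path

# Last affected version, taken from the advisory text above.
LAST_AFFECTED = "1.7.1001"
# Assumption: the plugin's "Plugin Name" header contains this string.
NAME_HINT = "royal elementor addons"

# Header fields sit in the leading comment of the plugin's main PHP file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M
)


def parse_header(text):
    """Return the 'plugin name' and 'version' header fields found in text."""
    fields = {}
    for key, value in HEADER_RE.findall(text):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields


def version_key(version):
    """Turn '1.7.1001' into (1, 7, 1001) so components compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_affected(version):
    """True when version is at or below the last affected release."""
    return version_key(version) <= version_key(LAST_AFFECTED)


def audit_plugins(plugins_dir):
    """Yield (file, version, affected) for matching plugins in plugins_dir."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        # WordPress itself reads only the first 8 KB when looking for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        fields = parse_header(head)
        name = fields.get("plugin name", "").lower()
        if NAME_HINT in name and "version" in fields:
            yield str(php), fields["version"], is_affected(fields["version"])


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version, affected in audit_plugins(target):
        print(f"{path}: {version} {'AFFECTED' if affected else 'ok'}")
```

Run it with the path to `wp-content/plugins` as the only argument; a string comparison would misorder versions such as 1.7.999 and 1.7.1001, which is why each component is compared as an integer.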
References:
Reported By: Nvd.nist.gov