Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.18 – Contributor+ Stored XSS | CVE 2024-4156

Affects Plugins

essential-addons-for-elementor-lite

Fixed in 5.9.18

References

CVE

CVE-2024-4156

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/23a66e6b-cec0-4110-9bef-a5d41ce1c954

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.4 (medium)

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

0341204b-0260-451f-ae5c-66d3afd81f9f

Timeline

Publicly Published

2024-04-30 (about 2 years ago)

Added

2024-05-03 (about 2 years ago)

Last Updated

2024-05-03 (about 2 years ago)

Other

Published

Title

Published

2025-12-30

Title

Carousel Horizontal Posts Content Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-10-27

Title

Consulting Elementor Widgets < 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2015-08-25

Title

Post video players <= 1.136 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2024-03-16

Title

Scrollsequence < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-06-23

Title

Enable SVG, WebP & ICO Upload < 1.1.1 - Author+ Stored XSS