The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
We’ve verified that the Premium Blog widget is similarly vulnerable via the “premium_blog_title_tag” parameter, and the following widgets are likely also vulnerable to similar exploits:
Premium Banner: “premium_banner_title_tag” parameter
Premium Dual Header: “premium_dual_header_first_header_tag” parameter
Premium Person: “premium_person_name_heading” and “premium_person_title_heading” parameters
Premium Pricing Table: “premium_pricing_table_title_size” parameter
Premium Title: “premium_title_tag” parameter
These vulnerabilities are nearly identical to the vulnerabilities we have recently disclosed in the main Elementor plugin: https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/
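To check whether content already saved on a site carries unexpected values in the parameters listed above, the following added example (not code from the plugin or from this advisory) audits a post's stored Elementor JSON. It assumes the JSON has been exported from the `_elementor_data` post meta as a tree of elements with `settings` and nested `elements`, and that the listed parameters should only ever hold a tag name from a site-chosen allowlist; the allowlist, sample document and widget names are constructed placeholders.

```python
import json

# Parameter names listed in the advisory.
TAG_PARAMS = {
    "premium_blog_title_tag", "premium_banner_title_tag",
    "premium_dual_header_first_header_tag", "premium_person_name_heading",
    "premium_person_title_heading", "premium_pricing_table_title_size",
    "premium_title_tag",
}
# Assumption: the tag names a site expects these selectors to hold.
ALLOWED_TAGS = {"h1", "h2", "h3", "h4", "h5", "h6", "div", "span", "p"}

def audit_elements(elements, path=""):
    """Walk an Elementor element tree and report unexpected tag values."""
    findings = []
    for index, element in enumerate(elements):
        if not isinstance(element, dict):
            continue
        here = f"{path}/{index}"
        settings = element.get("settings")
        if isinstance(settings, dict):  # may be a non-dict, e.g. an empty list
            for name in sorted(TAG_PARAMS.intersection(settings)):
                value = settings[name]
                # Exact match only: anything else is reported for review.
                if not isinstance(value, str) or value not in ALLOWED_TAGS:
                    findings.append({"path": here, "element_id": element.get("id"),
                                     "widget": element.get("widgetType"),
                                     "param": name, "value": value})
        children = element.get("elements")
        if isinstance(children, list):
            findings.extend(audit_elements(children, here))
    return findings

def audit_document(raw_json):
    """Audit one post's stored Elementor JSON (a string)."""
    try:
        tree = json.loads(raw_json)
    except (TypeError, ValueError):
        return [{"path": "", "element_id": None, "widget": None,
                 "param": None, "value": "unparseable document"}]
    return audit_elements(tree if isinstance(tree, list) else [tree])

# Constructed sample; ids, widget names and values are placeholders.
SAMPLE = json.dumps([{"id": "s1", "elType": "section", "settings": [], "elements": [
    {"id": "c1", "elType": "column", "settings": {}, "elements": [
        {"id": "w1", "elType": "widget", "widgetType": "placeholder-title",
         "settings": {"premium_title_tag": "h2"}, "elements": []},
        {"id": "w2", "elType": "widget", "widgetType": "placeholder-blog",
         "settings": {"premium_blog_title_tag": "UNEXPECTED-VALUE"}, "elements": []},
    ]}]}])
```

Each finding gives the element's position in the tree and its id, so the post can be opened and the widget reviewed after updating to 4.2.8 or later.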