WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Essential Addons for Elementor Lite < 5.0.9 - Reflected Cross-Site Scripting

Description

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker.

Affects Plugins

essential-addons-for-elementor-lite
Fixed in version 5.0.9

References

CVE
CVE-2022-0683
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0683

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Pham Van Khanh (rskvp93) from VCSLab of Viettel Cyber Security & Nguyen Dinh Bien (biennd4) from VCSLab of Viettel Cyber Security.

Verified

Yes

WPVDB ID
9ea3248d-8320-465f-bf31-4365148b4b56

Timeline

Publicly Published

2022-02-18 (about 11 months ago)

Added

2022-02-20 (about 11 months ago)

Last Updated

2022-04-09 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin