WordPress Plugin Vulnerabilities

Ultimate Store Kit Elementor Addons < 2.6.0 - Contributor+ Stored XSS

Description

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

Fixed in 2.6.0

References

Classification

Type
XSS
CWE

Miscellaneous

Timeline

Publicly Published
2025-04-04 (about 1 year ago)
Added
2025-04-09 (about 1 year ago)
Last Updated
2025-05-16 (about 1 year ago)

Other