Skip to main content

Premium Addons For Elementor Powerful Elementor Templates Widgets

1 CVEs product

Monthly

CVE-2026-12141 MEDIUM This Month

Stored XSS in Premium Addons for Elementor (all versions ≤4.11.84) lets authenticated contributors plant persistent JavaScript payloads via the `premium_tooltip_text` parameter that execute specifically when an administrator opens the injected post in the Elementor editor - not on public-facing pages. The root cause is unescaped output in the `print_template()` method registered on the `elementor/section/print_template` hook, meaning the attack surface is confined to the Elementor editor backend. No public exploit or CISA KEV listing has been identified at time of analysis; however, the scope-changed CVSS rating reflects real privilege-escalation potential from contributor to admin session context.

WordPress XSS Premium Addons For Elementor Powerful Elementor Templates Widgets
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
EPSS 0% CVSS 4.9
MEDIUM This Month

Stored XSS in Premium Addons for Elementor (all versions ≤4.11.84) lets authenticated contributors plant persistent JavaScript payloads via the `premium_tooltip_text` parameter that execute specifically when an administrator opens the injected post in the Elementor editor - not on public-facing pages. The root cause is unescaped output in the `print_template()` method registered on the `elementor/section/print_template` hook, meaning the attack surface is confined to the Elementor editor backend. No public exploit or CISA KEV listing has been identified at time of analysis; however, the scope-changed CVSS rating reflects real privilege-escalation potential from contributor to admin session context.

WordPress XSS Premium Addons For Elementor Powerful Elementor Templates Widgets
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy