Wpzoom Addons For Elementor
Monthly
Reflected cross-site scripting in the WPZOOM Addons for Elementor WordPress plugin (versions 1.3.4 and earlier) allows unauthenticated remote attackers to inject arbitrary script into a victim's browser session by tricking them into following a crafted link. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.1 with scope change, reflecting potential impact on the broader WordPress site context; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected cross-site scripting in the WPZOOM Addons for Elementor WordPress plugin (versions 1.3.4 and earlier) allows unauthenticated remote attackers to inject arbitrary script into a victim's browser session by tricking them into following a crafted link. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.1 with scope change, reflecting potential impact on the broader WordPress site context; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.