Essential Addons for Elementor is vulnerable to DOM-based stored cross-site scripting via the ‘data-gallery-items’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses an injected page.
This vulnerability affects the following application versions:
- Essential Addons for Elementor 6.0.0
- Essential Addons for Elementor 6.0.1
- Essential Addons for Elementor 6.0.2
- Essential Addons for Elementor 6.0.3
- Essential Addons for Elementor 6.0.4
- Essential Addons for Elementor 6.0.5
- Essential Addons for Elementor 6.0.6
- Essential Addons for Elementor 6.0.7
- Essential Addons for Elementor 6.0.8
- Essential Addons for Elementor 6.0.9
- Essential Addons for Elementor 6.0.10
- Essential Addons for Elementor 6.0.11
- Essential Addons for Elementor 6.0.12
- Essential Addons for Elementor 6.0.13
- Essential Addons for Elementor 6.0.14
- Essential Addons for Elementor 6.0.15
- Essential Addons for Elementor 6.1.0
- Essential Addons for Elementor 6.1.1
- Essential Addons for Elementor 6.1.2
- Essential Addons for Elementor 6.1.3
- Essential Addons for Elementor 6.1.4
- Essential Addons for Elementor 6.1.5
- Essential Addons for Elementor 6.1.6
- Essential Addons for Elementor 6.1.7
- Essential Addons for Elementor 6.1.8
- Essential Addons for Elementor 6.1.9
- Essential Addons for Elementor 6.1.10
- Essential Addons for Elementor 6.1.11
- Essential Addons for Elementor 6.1.12
- Essential Addons for Elementor 6.1.13
- Essential Addons for Elementor 6.1.14
- Essential Addons for Elementor 6.1.15
- Essential Addons for Elementor 6.1.17
- Essential Addons for Elementor 6.1.18
- Essential Addons for Elementor 6.1.19
- Essential Addons for Elementor 6.1.20
- Essential Addons for Elementor 6.2.0
- Essential Addons for Elementor 6.2.1
- Essential Addons for Elementor 6.2.2