Security researchers have identified a critical vulnerability affecting over 2 million WordPress websites that utilize the Essential Addons for Elementor plugin. The vulnerability, flagged as a Stored Cross-Site Scripting (XSS) issue, is linked to flaws in two crucial widgets within the plugin – the Countdown Widget and the Woo Product Carousel Widget. Rated 6.4 on the vulnerability scale by Wordfence, this issue, impacting versions up to 5.9.11, raises significant concerns due to its potential exploitation by attackers to inject harmful scripts.
The vulnerability underscores lapses in input sanitization and output escaping mechanisms within the affected widgets, creating risks for unauthorized script injections by attackers. Essential Addons for Elementor swiftly responded to the issue by releasing a comprehensive security patch in version 5.9.13, addressing the XSS vulnerabilities and enhancing the overall stability and performance of the plugin. The prompt action taken by the developers highlights the importance of immediate mitigation efforts in ensuring the security of WordPress websites utilizing this popular Elementor extension.
Stored Cross-Site Scripting (XSS) vulnerabilities, as observed in Essential Addons for Elementor, represent a significant threat to website security, potentially allowing attackers to execute malicious scripts within vulnerable websites. This particular vulnerability points to the critical need for robust security measures within WordPress plugins to prevent unauthorized script injections and safeguard sensitive website data from potential exploitation.
