CVE Catalog
CVE-2026-39597
HighCVSS 7.1Summary
The WPZOOM Addons for Elementor plugin versions up to 1.3.4 contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can exploit this flaw to inject malicious JavaScript code.
Risk Assessment
Exploitation of this vulnerability may lead to user data theft or session hijacking. Organizations should be aware of the risks associated with unauthorized access to their applications.
Recommendation
It is recommended to update the WPZOOM Addons for Elementor plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

