CVE Catalog

CVE-2026-39597

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The WPZOOM Addons for Elementor plugin versions up to 1.3.4 contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can exploit this flaw to inject malicious JavaScript code.

Risk Assessment

Exploitation of this vulnerability may lead to user data theft or session hijacking. Organizations should be aware of the risks associated with unauthorized access to their applications.

Recommendation

It is recommended to update the WPZOOM Addons for Elementor plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS