CVE-2026-57620
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
The Exclusive Addons Elementor plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during page generation. The flaw affects all versions up to and including 2.7.9.8.
Risk Assessment
An attacker can inject malicious JavaScript code that executes in the browsers of administrators and users visiting the compromised page, potentially leading to session theft, account takeover, or content modification.
Recommendation
Immediately update the Exclusive Addons Elementor plugin to version 2.7.9.9 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8.

