CVE Catalog

CVE-2026-57620

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

The Exclusive Addons Elementor plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during page generation. The flaw affects all versions up to and including 2.7.9.8.

Risk Assessment

An attacker can inject malicious JavaScript code that executes in the browsers of administrators and users visiting the compromised page, potentially leading to session theft, account takeover, or content modification.

Recommendation

Immediately update the Exclusive Addons Elementor plugin to version 2.7.9.9 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS