Medium severity6.5NVD Advisory· Published Apr 29, 2024· Updated Apr 28, 2026

CVE-2024-33539

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35.

Affected products

Wpzoom/Wpzoom Elementor Addons
cpe:2.3:a:wpzoom:wpzoom_elementor_addons:*:*:*:*:*:wordpress:*:*
Range: <1.1.36

Patches

88b9980c964e

https://github.com/wpzoom/wpzoom-elementor-addonsvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

patchstack.com/database/vulnerability/wpzoom-elementor-addons/wordpress-wpzoom-addons-for-elementor-plugin-1-1-35-cross-site-scripting-xss-vulnerabilitynvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000