Medium severity6.4NVD Advisory· Published Aug 13, 2024· Updated Jun 17, 2026
CVE-2024-7092
CVE-2024-7092
Description
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=5.9.27+ 1 more
- (no CPE)range: <=5.9.27
- (no CPE)
- wpdevteam/Essential Addons for Elementor – Popular Elementor Templates & Widgetsv5Range: 0
Patches
Vulnerability mechanics
References
6- plugins.trac.wordpress.org/changeset/3134194/nvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/718c60c1-6117-4959-a907-d0ef457f7185nvdThird Party Advisory
- essential-addons.com/changelog/nvdRelease Notes
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.phpnvdProduct
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.phpnvdProduct
- wordpress.org/plugins/essential-addons-for-elementor-lite/nvdRelease Notes
News mentions
0No linked articles in our index yet.