CVE-2026-12141 in Premium Addons for Elementor Plugin정보

요약

\~에 의해 MITRE • 2026. 07. 11.

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_tooltip_text' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The injected payload is specifically triggered when an administrator or higher-privileged user opens the affected post in the Elementor editor, as the raw unescaped output occurs via the print_template() method registered on the 'elementor/section/print_template' hook rather than on the public-facing frontend.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

책임이 있는

Wordfence

예약하다

2026. 06. 12.

모더레이션

수락

항목

VDB-377742

EPSS

0.00000

활동

낮음

출처

Want to know what is going to be exploited?

We predict KEV entries!