Impact
Improper neutralization of input during page generation in WPDeveloper Essential Addons for Elementor allows attackers to inject malicious scripts that execute in the victim’s browser. Based on the description, it is inferred that the flaw can be triggered by crafted requests to the plugin’s input fields, leading to arbitrary JavaScript execution. This is a classic reflected XSS flaw associated with CWE‑79.
Affected Systems
WordPress sites running WPDeveloper Essential Addons for Elementor Lite version 6.0.14 or earlier are affected. The affected product is the Lite version of the plugin; the vendor is WPDeveloper and the product name is Essential Addons for Elementor.
Risk and Exploitability
The CVSS score of 7.1 indicates a moderate to high severity level, while the EPSS score of 1% indicates a low likelihood of exploitation in the near future. The vulnerability is not listed in the CISA KEV catalog. It is inferred that the flaw can be triggered by crafted requests that inject malicious scripts into the plugin’s output, allowing an attacker to execute JavaScript in the victim’s browser.