Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.
Published: 2026-03-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting (XSS)
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from improper neutralization of input during web page generation in the Noor Alam Magical Addons For Elementor plugin. It allows an attacker to inject and store malicious JavaScript that executes when the page is viewed, resulting in a stored cross‑site scripting (XSS) flaw. This can compromise user confidentiality, integrity, and potentially allow attackers to deface content or steal session credentials.

Affected Systems

The affected products are the Magical Addons For Elementor plugin for WordPress from the Noor Alam vendor, specifically all releases up to and including version 1.4.1. No specific sub‑versions are noted, so any installation of the plugin through version 1.4.1 is potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.5 classifies the impact as medium, while an EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves sending maliciously crafted input through the plugin’s input fields, which requires a user capable of adding or editing content. Because the flaw is a stored XSS, it persists across sessions and can affect every visitor to the compromised page.

Generated by OpenCVE AI on March 19, 2026 at 15:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Magical Addons For Elementor plugin to the latest released version (≥1.4.2).
  • Check the vendor’s official website or repository for any security advisories or patches, and apply them promptly.

Generated by OpenCVE AI on March 19, 2026 at 15:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Noor Alam
Noor Alam magical Addons For Elementor
Wordpress
Wordpress wordpress
Vendors & Products Noor Alam
Noor Alam magical Addons For Elementor
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.
Title WordPress Magical Addons For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References

Subscriptions

Noor Alam Magical Addons For Elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:15.350Z

Reserved: 2026-03-12T11:11:30.946Z

Link: CVE-2026-32429

cve-icon Vulnrichment

Updated: 2026-03-13T19:19:22.335Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:01.963

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32429

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:35Z

Weaknesses