Get Started

WordPress: Stored XSS via Cursor Parameter in Qi Addons For Elementor plugin

by the Hossted team
04.02.2025

In Qi Addons For Elementor plugin for WordPress versions 1.8.7 and prior a medium severity vulnerability CVE-2024-13699 was detected. This vulnerability allows authenticated users with Contributor-level access and above to inject arbitrary web scripts via the ‘cursor’ parameter, leading to Stored Cross-Site Scripting (XSS) that executes whenever a user accesses an injected page. To address this issue, users should upgrade Qi Addons For Elementor plugin to version 1.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13699.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR