CVE-2021-25027

medium

Description

The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

References

https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270

https://plugins.trac.wordpress.org/changeset/2638073

Details

Source: Mitre, NVD

Published: 2022-01-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N