Volerion logoVolerion
Volerion logoVolerion

Prime Slider Addons for Elementor Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Prime Slider Addons for Elementor plugin, specifically in versions through 3.16.5. The issue arises in the 'blog' widget, where the 'social_link_title' parameter lacks proper input sanitization and output escaping. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access those pages.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can inject a script through the 'social_link_title' parameter of the 'blog' widget. The injected script will be executed when the page is viewed by a user.

Remediation

Users are advised to update the Prime Slider Addons for Elementor plugin to version 3.16.6 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
1.7
exploitability
6.2
remediation
7.7
relevance
0.0
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.