NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2026-11614

概要	The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
公表日	2026年6月24日13:17
登録日	2026年6月27日4:16
最終更新日	2026年6月25日22:26

CVSS3.1 : MEDIUM
スコア	6.4
ベクター	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更あり
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし

関連情報、対策とツール

No	URL	refsource	タグ
1	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/tags/1.7.3/inc/helper-functions.php#L1069	security@wordfence.com
2	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/tags/1.7.3/widgets/image-scroller/layout/frontend.php#L8	security@wordfence.com
3	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/inc/helper-functions.php#L778	security@wordfence.com
4	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/animated-link/layout/frontend.php#L21	security@wordfence.com
5	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/author-box/layout/frontend.php#L59	security@wordfence.com
6	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/button/layout/frontend.php#L36	security@wordfence.com
7	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/hero-slider/layout/frontend.php#L65	security@wordfence.com
8	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/hot-spot/layout/frontend.php#L35	security@wordfence.com
9	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/icon-box/layout/frontend.php#L12	security@wordfence.com
10	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/icon-box/layout/frontend.php#L28	security@wordfence.com
11	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/image-scroller/layout/frontend.php#L14	security@wordfence.com
12	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/image-scroller/layout/frontend.php#L28	security@wordfence.com
13	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/info-list/layout/frontend.php#L15	security@wordfence.com
14	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/pricing/layout/frontend.php#L16	security@wordfence.com
15	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/promo-box/layout/frontend.php#L51	security@wordfence.com
16	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/site-logo/layout/frontend.php#L35	security@wordfence.com
17	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/site-title/layout/frontend.php#L28	security@wordfence.com
18	https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/team/layout/frontend.php#L46	security@wordfence.com
19	https://www.wordfence.com/threat-intel/vulnerabilities/id/0f78479f-8e28-4fa4-bf2b-eefedffa4d72?source=cve	security@wordfence.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html