CVE-2026-4341
Stored XSS in Prime Slider Elementor Plugin Allows Script Injection
Publication date: 2026-04-08
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpbeaverbuilder | prime_slider | to 4.1.10 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts via stored cross-site scripting (XSS). Such XSS vulnerabilities can lead to unauthorized access to user data, session hijacking, or manipulation of content, which may result in violations of data protection and privacy regulations like GDPR or HIPAA.
Specifically, the exploitation of this vulnerability could compromise the confidentiality and integrity of user data, potentially leading to non-compliance with standards that require protection against unauthorized data access and ensuring data integrity.
Can you explain this vulnerability to me?
The Prime Slider – Addons for Elementor plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the 'follow_us_text' setting of the Mount widget. This occurs because the plugin does not properly sanitize or escape input before outputting it. Specifically, the function render_social_link() outputs the 'follow_us_text' setting directly using echo without escaping, allowing malicious scripts to be stored and executed when a user views the affected page.
An attacker with Author-level access or higher can inject arbitrary web scripts into pages via this vulnerability.
How can this vulnerability impact me?
This vulnerability allows an authenticated attacker with Author-level access or above to inject malicious scripts into WordPress pages. These scripts will execute whenever any user accesses the infected page, potentially leading to unauthorized actions such as stealing user credentials, session hijacking, or defacing the website.
The CVSS score of 6.4 indicates a medium severity impact, with potential confidentiality and integrity loss but no impact on availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) via the 'follow_us_text' setting in the Prime Slider – Addons for Elementor plugin. Detection involves checking for malicious or unexpected script content in the 'follow_us_text' setting stored in the WordPress post meta data.
You can detect this by querying the WordPress database for the '_elementor_data' post meta and inspecting the 'follow_us_text' field for suspicious script tags or JavaScript code.
- Use a MySQL command to extract and search for script tags in the '_elementor_data' meta value (adjust the table prefix if your site does not use the default wp_), for example:

```sql
SELECT post_id, meta_value FROM wp_postmeta WHERE meta_key = '_elementor_data' AND meta_value LIKE '%<script>%';
```
Additionally, you can use WordPress CLI commands or plugins to export and review Elementor widget settings for the Mount widget's 'follow_us_text' field.
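The SQL search above only catches a literal <script> tag; it misses markup that executes through an event handler or a javascript: URL. The following added example (not part of this advisory or the plugin's code) parses the JSON stored in '_elementor_data', walks every nested element and flags any 'follow_us_text' setting that carries such markup; the widgetType value and the sample data are constructed assumptions.

```python
import json
import re

# Heuristic markers of active content in a setting that should be plain text.
SUSPICIOUS = re.compile(
    r"<\s*script|<\s*iframe|<\s*svg|\bon\w+\s*=|javascript:",
    re.IGNORECASE,
)


def walk_elements(elements):
    """Yield every element (section, column, widget) of an Elementor tree, depth first."""
    for element in elements:
        yield element
        yield from walk_elements(element.get("elements", []))


def find_suspicious_follow_us_text(elementor_data_json):
    """Return (widgetType, value) for each 'follow_us_text' setting that carries markup.

    elementor_data_json is the raw string from the '_elementor_data' post meta row.
    """
    findings = []
    for element in walk_elements(json.loads(elementor_data_json)):
        value = element.get("settings", {}).get("follow_us_text")
        if isinstance(value, str) and SUSPICIOUS.search(value):
            findings.append((element.get("widgetType"), value))
    return findings


# Constructed sample: one benign widget and one whose text smuggles an event handler.
# The widgetType name "prime-slider-mount" is an assumption, not taken from the plugin.
SAMPLE_ELEMENTOR_DATA = json.dumps([
    {"id": "a1", "elType": "section", "elements": [
        {"id": "b2", "elType": "column", "elements": [
            {"id": "c3", "elType": "widget", "widgetType": "prime-slider-mount",
             "settings": {"follow_us_text": "Follow Us"}, "elements": []},
            {"id": "d4", "elType": "widget", "widgetType": "prime-slider-mount",
             "settings": {"follow_us_text": "Follow Us <img src=x onerror=\"console.log('xss')\">"},
             "elements": []},
        ]},
    ]},
])

if __name__ == "__main__":
    for widget_type, value in find_suspicious_follow_us_text(SAMPLE_ELEMENTOR_DATA):
        print(f"{widget_type}: {value!r}")
```

Feed it the meta_value of each '_elementor_data' row (for example via wp db query) and review every hit by hand, since the patterns are heuristics and a benign text could contain the letters "on" followed by an equals sign.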
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Prime Slider – Addons for Elementor plugin to a version later than 4.1.10 where the issue is fixed.
If an update is not immediately possible, restrict Author-level and higher user access to trusted users only, as the vulnerability requires authenticated users with Author-level access or above to exploit.
Review and sanitize the 'follow_us_text' setting in the Mount widget to remove any injected scripts.
Consider implementing additional security measures such as a Web Application Firewall (WAF) to block malicious payloads and monitor for suspicious activity.