cleantalk
Vulnerabilities and Security Researches

Zita Elementor Site Library, CVE-2024-8921

CVE, Research URL

CVE-2024-8921

Home page URL

Security reports for Zita Elementor Site Library

Application

Zita Elementor Site Library

Published on
Oct 16, 2024
Research Description
The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions
max 1.6.4.
Status
vulnerable
Previous vulnerability researches
Zita Elementor Site Library (CVE-2024-37420) , Jul 02, 2024
Zita Elementor Site Library (CVE-2024-3249) , Jun 26, 2024
Zita Elementor Site Library (CVE-2024-8921) , Oct 18, 2024
Zita Elementor Site Library (CVE-2026-25319) , Feb 27, 2026
New vulnerability
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2025-69001) , Feb 27, 2026
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2026-25313) , Feb 27, 2026
Advanced Custom Fields: Font Awesome Field (CVE-2025-14983) , Feb 27, 2026
Shield Security – Smart Bot Blocking & Intrusion Prevention Security (CVE-2025-14427) , Feb 27, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2025-15520) , Feb 27, 2026