PatchSiren cyber security CVE debrief
CVE-2026-48870 King Addons CVE debrief
A Cross Site Scripting (XSS) vulnerability was discovered in the King Addons for Elementor plugin. This issue allows a subscriber to inject malicious scripts into the webpage, potentially leading to unauthorized actions or data theft. The vulnerability has been rated with a CVSS score of 6.5, indicating a medium severity level.
- Vendor
- King Addons
- Product
- King Addons for Elementor
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the King Addons for Elementor plugin, particularly those with subscriber-level access, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability exists in the King Addons for Elementor plugin versions <= 51.1.62. It is categorized under CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the King Addons for Elementor plugin to a version that fixes this vulnerability.
- Limit subscriber-level access to sensitive areas of the website.
- Monitor website activity for suspicious behavior.
Evidence notes
Evidence for this CVE was provided by Patchstack, as referenced in the NVD detail page.
Official resources
-
CVE-2026-48870 CVE record
CVE.org
-
CVE-2026-48870 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48870 was published on 2026-06-15T21:17:16.440Z and modified on 2026-06-15T21:24:32.790Z.