MEDIUM
analogwp
CVE published 2026-05-27
CVE-2026-6565
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the `/wp-json/agwp/v1/tokens/save` REST API endpoint. The vulnerability exists in the kit title parameter due to insufficient input sanitization and output escaping in an admin attribute context. This allows authenticated attackers with contr [truncated]