MEDIUM
kingaddons
CVE published 2026-07-10
CVE-2026-15284
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_page_id' parameter in versions up to, and including, 51.1.62. This is due to insufficient input sanitization in the add_to_submissions() function, which applies sanitize_text_field() (preserving double-quote characters) before storing the value in post meta, combined with missing output escaping i [truncated]