CVE-2024-12189
Published
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that you may need to recreate any custom widgets or reinstall the plugin to ensure the issue is adequately patched.
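A quick exposure check for the version range stated above, as an added example (not code from the advisory or the plugin). It reads the plugin header under the conventional `wp-content/plugins/wdesignkit/` path; that path, the function names and the sample header are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "wdesignkit"   # slug from the wordpress.org support URL on this page
LAST_AFFECTED = (1, 2, 3)    # advisory: all versions up to and including 1.2.3

# Constructed sample of a main plugin file header (not the plugin's real file).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: WDesignKit\n * Version: 1.2.3\n */\n"

# WordPress header convention: "Key: value" lines inside the leading comment.
_NAME = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
_VERSION = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(php_source):
    """Return the version tuple from a main plugin file header, else None."""
    head = php_source[:8192]          # WordPress reads only the first 8 KB
    if not _NAME.search(head):
        return None                   # no "Plugin Name:" header: not the main file
    m = _VERSION.search(head)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True when version <= 1.2.3, compared numerically with zero padding."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)


def triage(wp_root):
    """Classify one WordPress install by the plugin version found on disk."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    for php in sorted(plugin_dir.glob("*.php")):
        version = parse_version(php.read_text(encoding="utf-8", errors="replace"))
        if version is not None:
            if is_affected(version):
                return "affected"
            # Advisory note: custom widgets may need recreating after the update.
            return "updated-review-custom-widgets"
    return "not-installed"


if __name__ == "__main__":
    print("sample header:", parse_version(SAMPLE_HEADER))
    for root in sys.argv[1:]:
        print(root, triage(root))
```

Pass one or more WordPress root directories as arguments. An install on a later version is still reported for widget review because the advisory says existing custom widgets may have to be recreated.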
<p><a href="https://wdesignkit.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">WDesignKit</a> is the ultimate designer tool for WordPress, empowering designers to create stunning websites in minutes. It’s the fastest way to build a WordPress website, making it a must-have tool for every WordPress designer or agency owner.</p>
<p><strong> <a href="https://wdesignkit.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc"> VISIT WDESIGNKIT WEBSITE</a></strong></p>
<h3><strong> Quick Navigation Links</strong></h3>
<p><a href="https://wdesignkit.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Visit Website</a> | <a href="https://www.youtube.com/c/POSIMYTHInnovations/?sub_confirmation=1" rel="nofollow ugc">Video Tutorials</a> | <a href="https://learn.wdesignkit.com/docs/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Documentation</a> | <a href="https://roadmap.wdesignkit.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Roadmap</a> | <a href="https://www.facebook.com/groups/884892449594153" rel="nofollow ugc">Join Facebook Community</a> | <a href="https://wordpress.org/support/plugin/wdesignkit" rel="ugc">Free Support</a> | <a href="https://store.posimyth.com/helpdesk/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Premium Support</a> | <a href="https://wdesignkit.com/chat/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">AI Chat (Instant Answers)</a></p>
<h3>Complete WDesignKit Features Explained Under 4 Mins <a href="https://www.youtube.com/watch?v=Bw5IHPxr0Nc" rel="nofollow ugc"> Watch Now</a></h3>
<h3>What is WDesignKit?</h3>
<ul>
<li><strong><a href="https://wdesignkit.com/templates?builder_req=1001&utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">1600+ Elementor Page Templates, Kit & Sections</a></strong></li>
<li><strong><a href="https://wdesignkit.com/templates?builder_req=1002&utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">1500+ Gutenberg Templates & Patterns</a></strong></li>
<li><strong><a href="https://wdesignkit.com/widgets?builder=1&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">80+ Elementor Widgets Library</a></strong></li>
<li><strong><a href="https://wdesignkit.com/widgets?builder=2&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">30+ Gutenberg Blocks Library</a></strong></li>
<li><strong><a href="https://wdesignkit.com/widgets?builder=3&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">30+ Bricks Elements Library</a></strong></li>
<li><strong><a href="https://wdesignkit.com/widget-builder/elementor-widget-builder?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Elementor Widget Builder</a></strong> (Custom Code to Elementor Widget)</li>
<li><strong><a href="https://wdesignkit.com/widget-builder/gutenberg-blocks-builder?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Gutenberg Blocks Builder</a></strong> (Custom Code to Gutenberg Blocks)</li>
<li><strong><a href="https://wdesignkit.com/widget-builder/bricks-elements-builder?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Bricks Elements Builder</a></strong> (Custom Code to Bricks Elements)</li>
<li><strong><a href="https://wdesignkit.com/widgets/page-builder-widgets-converter?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks#wkit-one-click-convert" rel="nofollow ugc">1- Click Widget Convertor</a></strong> — Easily Convert Elementor Widgets to Gutenberg Blocks or Bricks Elements & Vice Versa </li>
<li><strong><a href="https://wdesignkit.com/cloud-workspace?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">Cloud Workspace</a></strong> — Collaborate with your Team & Store Page Templates, Figma Designs or Custom Widgets on Cloud </li>
<li><strong><a href="https://wdesignkit.com/figma-kits?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">60+ Figma Designed Websites</a></strong></li>
</ul>
<h3>🔍 OUR PRODUCTS</h3>
<p><strong><a href="https://theplusaddons.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">🥇 The Plus Addons for Elementor</a></strong> – 120+ Elementor Widgets to create Elementor Widgets Easily.</p>
<p><strong><a href="https://nexterwp.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">🥇 NexterWP Theme, Blocks & Extensions</a></strong> – Best Starter Theme for WordPress with 22+ WordPress Extensions & 90+ Gutenberg Blocks.</p>
<p><strong><a href="https://uichemy.com/?utm_source=wordpress&utm_medium=readmepage&utm_campaign=widgetslinks" rel="nofollow ugc">🥇 UiChemy – Figma to Elementor & Bricks Convertor</a></strong> – Convert your Figma templates into a live Elementor website using our <a href="https://www.figma.com/community/plugin/1265873702834050352/" rel="nofollow ugc">FREE Figma Plugin.</a></p>
<h3>External services</h3>
<ol>
<li>wdesignkit.com API: This API is used to fetch plugin-related data for onboarding and updates. It sends the plugin version and identifier during activation, updates, or specific plugin-related requests. For more details, you can review the <a href="https://wdesignkit.com/privacy-policy" rel="nofollow ugc">Privacy Policy</a> and <a href="https://wdesignkit.com/terms" rel="nofollow ugc">Terms of Service</a>.</li>
<li>api.wordpress.org: This API retrieves plugin metadata and compatibility information from WordPress.org. It sends the plugin identifier during updates or when checking compatibility. More information can be found in the <a href="https://wordpress.org/about/privacy/" rel="ugc">Privacy Policy</a> and <a href="https://wordpress.org/tos/" rel="ugc">Terms of Service</a>.</li>
<li>api.posimyth.com: The plugin connects to this API for two purposes: collecting optional feedback during deactivation and storing anonymized data during onboarding. For deactivation feedback, anonymized data is sent voluntarily by users, while onboarding interactions transmit minimal anonymized statistics. These APIs are only accessed during feedback submission or onboarding. You can find more details in the <a href="https://api.posimyth.com/privacy-policy/" rel="nofollow ugc">Privacy Policy</a> and <a href="https://api.posimyth.com/terms-and-conditions/" rel="nofollow ugc">Terms of Service</a>.</li>
</ol>