← back
CVE-2026-39636

WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability

CVSS 6.5 MEDIUMEPSS 0.2%CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Affected products
livemesh · Livemesh Addons for Elementor
public PoCs found1
githubgithub.com/CatchCatOoO/CVE-2026-39636-vulnerability-exp3
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/Wordpress/Plugin/addons-for-elementor/vulnerability/wordpress-livemesh-addons-for-elementor-plugin-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve