Style Kits for Elementor <=2.5.0 Authenticated Stored XSS via Kit Title (CVE-2026-6565)

Vulnerability Overview Vulnerability Name: Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title CVE ID: CVE-2026-6565 CVSS Score: 6.4 (Medium) Publication Date: May 26, 2026 Last Updated Date: May 27, 2026 Researchers: Athiwat Tiprasaham (Jitada), Itthidej Araman (Boeing777) Impact Scope Software Type: Plugin Software Name: Style Kits for Elementor Affected Versions: <= 2.5.0 Fixed Version: 2.6.0 Remediation Remediation Advice: Update to version 2.6.0 or a later patched version. Vulnerability Description The Style Kits – Advanced Theme Styles for Elementor plugin in versions 2.5.0 and earlier contains a stored Cross-Site Scripting (XSS) vulnerability. An attacker can inject arbitrary JavaScript code in the context of an administrative property. When a user visits the injected page, these scripts will be executed. Reference Links Cross-Site Scripting vulnerabilities and how to prevent them Additional Information Software Package: Style Kits for Elementor Software Package Link: analogwp-templates (view on wordpress.org) Recent Vulnerabilities Vulnerability Title: Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass CVE ID: CVE-2021-4401 CVSS Score: 8.8 Researcher: Jerome Bruandet Publication Date: March 1, 2021 Disclaimer This record contains copyrighted material. Copyright Information: © 2012-2026 Defiant Inc. and © 1999-2026 The MITRE Corporation Contact Information To add information or report errors, please contact: rfi-support@wordfence.com Business Hours 9am-8pm ET, 6am-5pm PT, and 2pm-1am UTC/GMT (excluding weekends and holidays) Responsive customers receive 24/7/365 support with a 1-hour response time. Additional Links Terms of Service Privacy Policy and Notice at Collection Do Not Sell or Share My Personal Information Social Media Twitter Facebook LinkedIn Instagram Products & Support Wordfence Free Wordfence Premium Wordfence Care Wordfence Response Wordfence CLI Wordfence Intelligence Wordfence Central News & Updates Blog In The News Vulnerability Advisories About About Wordfence Affiliate Program Employment Contact Security CVE Request Form Subscribe Subscribe to news and updates from experienced security professionals. Email: you@example.com Agree to terms and privacy policy: [ ] By checking this box I agree to the terms of service and privacy policy * Register SIGN UP Copyright © 2012-2026 Defiant Inc. All Rights Reserved Logos Wordfence Defiant

Goal Reached Thanks to every supporter — we hit 100%!

Style Kits for Elementor <=2.5.0 Authenticated Stored XSS via Kit Title (CVE-2026-6565)

More from this source