Jeg Elementor Kit Plugin Vulnerable to Stored Cross-Site Scripting
CVE-2024-10308
5.4MEDIUM
What is CVE-2024-10308?
The Jeg Elementor Kit plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its JKit - Countdown widget. This flaw arises from inadequate sanitization of user input and insufficient output escaping for attributes provided by users. Consequently, authenticated attackers with contributor-level access can exploit this vulnerability to inject arbitrary web scripts into pages, which are executed each time a user accesses the compromised page. This risk emphasizes the importance of secure coding practices and regular vulnerability assessments for WordPress plugins.
Affected Version(s)
Jeg Elementor Kit * <= 2.6.9