Stored Cross-Site Scripting Vulnerability in Premium Addons for Elementor by WordPress
CVE-2024-11937
What is CVE-2024-11937?
The Premium Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied attributes. This vulnerability allows authenticated attackers, possessing contributor-level access and above, to inject malicious web scripts into web pages. The injected scripts execute whenever a user accesses the compromised page, posing serious security risks to affected websites and their users. To mitigate this issue, it is crucial to update to the latest version of the plugin that addresses these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Premium Addons for Elementor * <= 4.10.69
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved