Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin by WordPress
CVE-2024-1234
5.4MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 13 March 2024
Summary
The Exclusive Addons for Elementor plugin for WordPress suffers from a vulnerability that allows authenticated attackers with contributor access or higher to perform Stored Cross-Site Scripting. This issue arises from inadequate input sanitization and output escaping within the plugin, specifically through the manipulation of data attributes. Consequently, attackers can inject arbitrary web scripts that are executed whenever a user accesses the compromised pages, potentially leading to session hijacking, defacement, or further exploitation of site visitors.
Affected Version(s)
Exclusive Addons for Elementor * <= 2.6.9
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Craig Smith