Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin by WordPress
CVE-2024-1234

5.4MEDIUM

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
13 March 2024

Summary

The Exclusive Addons for Elementor plugin for WordPress suffers from a vulnerability that allows authenticated attackers with contributor access or higher to perform Stored Cross-Site Scripting. This issue arises from inadequate input sanitization and output escaping within the plugin, specifically through the manipulation of data attributes. Consequently, attackers can inject arbitrary web scripts that are executed whenever a user accesses the compromised pages, potentially leading to session hijacking, defacement, or further exploitation of site visitors.

Affected Version(s)

Exclusive Addons for Elementor * <= 2.6.9

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Craig Smith
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.