Stored Cross-Site Scripting Vulnerability in HT Mega β Absolute Addons for Elementor Plugin
CVE-2024-12599
6.1MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 February 2025
What is CVE-2024-12599?
The HT Mega β Absolute Addons For Elementor plugin for WordPress possesses a vulnerability that allows for Stored Cross-Site Scripting through its Countdown widget. This issue arises from inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers, with contributor-level access or higher, can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts execute when a user views a compromised page, potentially leading to unauthorized access or data theft.
Affected Version(s)
HT Mega β Absolute Addons For Elementor * <= 2.8.1