Stored Cross-Site Scripting Vulnerability in Elementor Addon Elements Plugin by WordPress
CVE-2024-1422

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Addon Elements For Elementor (formerly Elementor Addon Elements)
Vendor: CVE Published:; 13 March 2024

What is CVE-2024-1422?

The Elementor Addon Elements plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability. This issue arises from inadequate input sanitization and output escaping on user-defined attributes within the modal popup widget's effect setting. Authenticated attackers with contributor-level permissions and above can exploit this flaw, allowing them to inject arbitrary scripts into web pages. When users visit an affected page, these scripts will be executed, potentially compromising user security and data integrity.

Affected Version(s)

Addon Elements for Elementor (formerly Elementor Addon Elements) 0 <= 1.12.12

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/addon-elements...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Feb 9, 2024

Credit

Craig Smith

CVE-2024-1422 Data

JSON