Stored Cross-Site Scripting Vulnerability in Elementor Addons by Livemesh for WordPress
CVE-2024-1465
What is CVE-2024-1465?
The Elementor Addons by Livemesh plugin for WordPress contains a vulnerability allowing authenticated users with contributor-level access and higher to execute stored cross-site scripting (XSS) attacks. This is enabled through the inadequate sanitization of the 'carousel_skin' attribute in the Posts Carousel widget, which hosts user-inserted content. An attacker can leverage this flaw to inject arbitrary web scripts that execute when other users visit affected pages, compromising data integrity and user security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Elementor Addons by Livemesh * <= 8.3.4
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved