Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor by WordPress
CVE-2024-2503
5.4MEDIUM
What is CVE-2024-2503?
The Exclusive Addons for Elementor plugin for WordPress suffers from a Stored Cross-Site Scripting (XSS) vulnerability through its Post Grid Widget. This issue arises from inadequate input sanitization and output escaping, enabling authenticated attackers with contributor-level access to inject malicious web scripts. The injected scripts execute on pages affected by this vulnerability when accessed by users, potentially compromising their data and session information.
Affected Version(s)
Exclusive Addons for Elementor * <= 2.6.9.2