Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor by WordPress
CVE-2024-2503
5.4MEDIUM
Summary
The Exclusive Addons for Elementor plugin for WordPress suffers from a Stored Cross-Site Scripting (XSS) vulnerability through its Post Grid Widget. This issue arises from inadequate input sanitization and output escaping, enabling authenticated attackers with contributor-level access to inject malicious web scripts. The injected scripts execute on pages affected by this vulnerability when accessed by users, potentially compromising their data and session information.
Affected Version(s)
Exclusive Addons for Elementor * <= 2.6.9.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
wesley