Stored Cross-Site Scripting in Exclusive Addons for Elementor Plugin by WordPress
CVE-2024-3985
5.4MEDIUM
What is CVE-2024-3985?
The Exclusive Addons for Elementor plugin allows authenticated attackers, with contributor-level access or higher, to exploit a Stored Cross-Site Scripting vulnerability through the Call to Action widget. This occurs due to inadequate input sanitization and output escaping on user-supplied attributes, enabling the injection of arbitrary web scripts. The malicious scripts are executed whenever a user accesses an affected page, potentially compromising user data and site integrity.
Affected Version(s)
Exclusive Addons for Elementor * <= 2.6.9.4