Unlimited Elements For Elementor Hit by Reflected XSS Flaw
CVE-2024-45454

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Unlimited Elements For Elementor (free Widgets, Addons, Templates)
Vendor: CVE Published:; 6 October 2024

Summary

An identified vulnerability allows for improper neutralization of input during the web page generation process within the Unlimited Elements for Elementor product. This flaw leads to reflected Cross-site Scripting (XSS), enabling attackers to inject malicious scripts into web pages viewed by users. When these malicious scripts execute, they can potentially expose sensitive user information or facilitate further attacks. Users of Unlimited Elements For Elementor versions up to 1.5.121 should take immediate action to secure their installations and mitigate the risks associated with this vulnerability.

Affected Version(s)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121

References

https://patchstack.com/database/vulnerability/unlimited-e...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Aug 29, 2024

Credit

Rafie Muhammad (Patchstack)