Stored XSS Vulnerability in Country Flags for Elementor
CVE-2024-49262

6.5MEDIUM

Key Information:

Vendor: Wepic
Status: Country Flags For Elementor
Vendor: CVE Published:; 17 October 2024

Summary

A cross-site scripting (XSS) vulnerability exists in the Wepic Country Flags for Elementor plugin, allowing attackers to inject malicious scripts into web pages. This vulnerability can be exploited to conduct stored XSS attacks, potentially leading to unauthorized access, data manipulation, or session hijacking. Affected versions include 1.0.1 and earlier, making it essential for users to update their installations to mitigate risks.

Affected Version(s)

Country Flags for Elementor <= 1.0.1

References

https://patchstack.com/database/vulnerability/country-fla...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 14, 2024

Collectors

NVD DatabaseMitre Database

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)