Stored Cross-Site Scripting Vulnerability Affects HT Mega's Absolute Addons For Elementor Plugin
CVE-2024-5215

5.4MEDIUM

Key Information:

Vendor
Wordpress
Status
Ht Mega – Absolute Addons For Elementor
Vendor
CVE Published:
26 June 2024

Badges

πŸ“° News Worthy

Summary

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affected Version(s)

HT Mega – Absolute Addons For Elementor * <= 2.5.5

News Articles

favicon imagesecuritricks.com

SecuriTricks - Home

SecuriTricks is your go-to cybersecurity hub, offering daily updates on CVEs, latest attack reports, and downloadable IOCs including IPv4, URLs, and domain names. Dive into our blog for comprehensive insights into cybersecurity trends, tips, and in-depth analysis. Stay ahead with SecuriTricks, your ...

7 months ago

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ht-mega-for-el...
https://plugins.trac.wordpress.org/browser/ht-mega-for-el...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ“°

    First article discovered by securitricks.com

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Rollings
.