Cross-Site Scripting Flaw in Extensions for Elementor by Petesheppard84
CVE-2024-52471

7.1HIGH

Key Information:

Vendor: WordPress
Status: Extensions For Elementor
Vendor: CVE Published:; 20 November 2024

What is CVE-2024-52471?

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Extensions for Elementor by petesheppard84, allowing attackers to inject malicious scripts into web pages. This flaw could be exploited to manipulate user sessions and steal information by compromising the integrity of user interactions. The issue affects various versions up to and including 2.0.37, posing a risk to website administrators and users. It is crucial for affected users to implement security patches or updates to safeguard their systems from potential attacks.

Affected Version(s)

Extensions for Elementor 0 <= 2.0.40

References

https://patchstack.com/database/Wordpress/Plugin/extensio...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2024

CVE-2024-52471 Data

JSON

WordPress

What is CVE-2024-52471?

Affected Version(s)

References

CVSS V3.1

Timeline