Cross-Site Scripting Vulnerability in Elicus WPMozo Addons Lite for Elementor
CVE-2024-56221

6.5MEDIUM

Key Information:

Vendor: Elicus
Status: WPmozo Addons Lite For Elementor
Vendor: CVE Published:; 31 December 2024

Summary

The Elicus WPMozo Addons Lite for Elementor is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. This flaw allows attackers to store malicious scripts that can be executed in the browsers of users visiting affected web pages. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, session hijacking, and potential site takeover. The issue impacts versions up to 1.2.0, emphasizing the necessity for immediate remediation to safeguard user data and maintain site integrity.

Affected Version(s)

WPMozo Addons Lite for Elementor <= 1.2.0

References

https://patchstack.com/database/wordpress/plugin/wpmozo-a...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 18, 2024

Collectors

NVD DatabaseMitre Database

Credit

Gab (Patchstack Alliance)