CVE-2024-4360

NVD Published Date: August 12, 2024 at 01:38 PM
NVD Last Modified: August 12, 2024 at 01:41 PM
Download Patch
Vulnerability ID
CVE-2024-4360
Severity
MEDIUM
Severity Score
6.4
Summary
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE ID
None

Recent Publish

CVE-2024-40481

CVE-2024-42001

CVE-2024-42467

CVE-2024-7658

CVE-2024-7659

CVE-2023-31315

See SecOps Solution
in action

Schedule Demo