CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

12月 21, 2024
11:16 am

CVE ID : CVE-2024-10453

Published : Dec. 21, 2024, 10:15 a.m. | 1 hour, 1 minute ago

Description : The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

Elvescore.io

Recent Posts

CVE-2024-50701 – TeamPass Unrestricted Folder Access Vulnerability

CVE-2024-50702 – TeamPass Unauthenticated Remote Code Execution Vulnerability

CVE-2024-50703 – TeamPass User Privilege Escalation Vulnerability

CVE-2024-54181 – IBM WebSphere Automation Code Injection Vulnerability

CVE-2024-10044 – FastChat SSRF

CVE-2024-12993 – Infinix Mobile Location Disclosure Information Exposure

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability