CVE-2024-8961 – Elementor Addons for WordPress Stored XSS

11月 15, 2024
8:16 am

CVE ID : CVE-2024-8961

Published : Nov. 15, 2024, 7:15 a.m. | 1 hour, 1 minute ago

Description : The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-8961 – Elementor Addons for WordPress Stored XSS

Elvescore.io

Recent Posts

CVE-2024-12945 – Simple Car Rental System SQL Injection

CVE-2024-12946 – “1000 Projects Attendance Tracking Management System SQL Injection Vulnerability”

CVE-2023-7300 – Huawei Home Music System Path Traversal Vulnerability

CVE-2024-12943 – “CodeAstro House Rental Management System SQL Injection Vulnerability”

CVE-2024-12944 – CodeAstro House Rental Management System SQL Injection

CVE-2024-56433 – “Shadow Utilities Default Subuid Conflict Vulnerability”

CVE-2024-8961 – Elementor Addons for WordPress Stored XSS

CVE-2024-8961 – Elementor Addons for WordPress Stored XSS