Lucene search

[email protected]CVE-2024-34373

HistoryMay 06, 2024 - 7:15 p.m.

CVE-2024-34373

2024-05-0619:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-34373

cross-site scripting

posimyth

elementor page builder lite

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2.

Affected configurations

Vulners

Node

posimyththe_plus_addons_for_elementor_page_builder_liteRange≤5.4.2

VendorProductVersionCPE
posimyththe_plus_addons_for_elementor_page_builder_lite*cpe:2.3:a:posimyth:the_plus_addons_for_elementor_page_builder_lite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
posimyth	the_plus_addons_for_elementor_page_builder_lite	*	cpe:2.3:a:posimyth:the_plus_addons_for_elementor_page_builder_lite::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "the-plus-addons-for-elementor-page-builder",
    "product": "The Plus Addons for Elementor Page Builder Lite",
    "vendor": "POSIMYTH",
    "versions": [
      {
        "changes": [
          {
            "at": "5.5.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.4.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/the-plus-addons-for-elementor-page-builder/wordpress-the-plus-addons-for-elementor-plugin-5-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve