The Elementor Website Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting through the $instance[alt] parameter in versions up to 3.18.3 due to insufficient input sanitization and output escaping
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
Vulnrichment | CVE-2024-0506 | 20 Feb 202418:56 | – | vulnrichment |
WPVulnDB | Elementor Website Builder – More than Just a Page Builder < 3.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt | 9 Feb 202400:00 | – | wpvulndb |
CVE | CVE-2024-0506 | 29 Feb 202401:43 | – | cve |
Prion | Cross site scripting | 29 Feb 202401:43 | – | prion |
Patchstack | WordPress Elementor Website Builder Plugin <= 3.18.3 is vulnerable to Cross Site Scripting (XSS) | 7 Feb 202400:00 | – | patchstack |
NVD | CVE-2024-0506 | 29 Feb 202401:43 | – | nvd |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024) | 15 Feb 202416:21 | – | wordfence |
[
{
"vendor": "elemntor",
"product": "Elementor Website Builder – More than Just a Page Builder",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "3.18.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo