Lucene search

PatchstackCVELIST:CVE-2024-37565

HistoryJul 20, 2024 - 9:02 a.m.

CVE-2024-37565 WordPress Gum Elementor Addon plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

2024-07-2009:02:55

CWE-79

Patchstack

www.cve.org

cve-2024-37565

cross site scripting

temegum gum elementor addon

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.3%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.5.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gum-elementor-addon",
    "product": "Gum Elementor Addon",
    "vendor": "TemeGUM",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/gum-elementor-addon/wordpress-gum-elementor-addon-plugin-1-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve