EUVD-2024-27205

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

LA-Studio Element Kit for Elementor plugin vulnerable to Stored Cross-Site Scripting in all versions up to 1.3.7.4

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-2249	14 Mar 202423:21	–	circl
CNNVD	WordPress Plugin LA-Studio Element Kit for Elementor Security Vulnerability	14 Mar 202400:00	–	cnnvd
CVE	CVE-2024-2249	14 Mar 202421:33	–	cve
Cvelist	CVE-2024-2249 LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	14 Mar 202421:33	–	cvelist
NVD	CVE-2024-2249	14 Mar 202422:15	–	nvd
Patchstack	WordPress LA-Studio Element Kit for Elementor Plugin <= 1.3.7.4 is vulnerable to Cross Site Scripting (XSS)	14 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-19446 · WordPress · La-Studio Element Kit For Elementor	14 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-2249	7 Jan 202609:14	–	redhatcve
Vulnrichment	CVE-2024-2249	14 Mar 202421:33	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)	21 Mar 202415:55	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "bd65e1c1-c3e1-33ad-8795-b2c248fce03f",
        "vendor": {
          "name": "choijun"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "48dd0313-b815-360a-a590-ed2d47612b38",
        "product": {
          "name": "LA-Studio Element Kit for Elementor"
        },
        "product_version": "* ≤1.3.7.4"
      },
      {
        "id": "ba43e219-569d-3f27-a367-76bd6197f833",
        "product": {
          "name": "LA-Studio Element Kit for Elementor"
        }
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/5113170a-5a53-4e53-84e6-56d9ba0740ed
plugins	www.plugins.trac.wordpress.org/changeset/3050316/lastudio-element-kit/trunk/includes/extensions/elementor/wrapper-link.php

03 Oct 2025 20:07Current

8.6High risk

Vulners AI Score8.6

CVSS 3.15.4 - 6.4

EPSS0.00082

SSVC