Lucene search

[email protected]NVD:CVE-2024-35709

HistoryJun 08, 2024 - 2:15 p.m.

CVE-2024-35709

2024-06-0814:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-35709

improper neutralization of input

posimyth

elementor page builder lite

stored xss

security vulnerability

web page generation

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.4%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.5.4.

Affected configurations

Nvd

Node

posimyththe_plus_addons_for_elementorRange<5.5.5freewordpress

VendorProductVersionCPE
posimyththe_plus_addons_for_elementor*cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:free:wordpress:*:*

Vendor	Product	Version	CPE
posimyth	the_plus_addons_for_elementor	*	cpe:2.3:a:posimyth:the_plus_addons_for_elementor:::::free:wordpress::

References

patchstack.com/database/vulnerability/the-plus-addons-for-elementor-page-builder/wordpress-the-plus-addons-for-elementor-plugin-5-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve