Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310126450
HistoryAug 11, 2023 - 12:00 a.m.

WordPress Elementor Addon Elements Plugin < 1.11.2 XSS Vulnerability

2023-08-1100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
wordpress
elementor addon elements
xss
vulnerability
stored
lower-privileged

0.001 Low

EPSS

Percentile

18.6%

JSON

The WordPress plugin

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:webtechstreet:elementor_addon_elements";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126450");
  script_version("2023-10-13T16:09:03+0000");
  script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-08-11 10:00:03 +0000 (Fri, 11 Aug 2023)");
  script_tag(name:"cvss_base", value:"3.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-05-11 14:50:00 +0000 (Tue, 11 May 2021)");

  script_cve_id("CVE-2021-24259");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("WordPress Elementor Addon Elements Plugin < 1.11.2 XSS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_plugin_http_detect.nasl");
  script_mandatory_keys("wordpress/plugin/addon-elements-for-elementor-page-builder/detected");

  script_tag(name:"summary", value:"The WordPress plugin 'Elementor Addon Elements' is prone to a
  cross-site scripting (XSS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Several widgets are vulnerable to stored Cross-Site Scripting
  (XSS) by lower-privileged users such as contributors, all via a similar method.");

  script_tag(name:"affected", value:"WordPress Elementor Addon Elements plugin prior to version
  1.11.2.");

  script_tag(name:"solution", value:"Update to version 1.11.2 or later.");

  script_xref(name:"URL", value:"https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "1.11.2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "1.11.2", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

wpvulndb 1
prion 1
cvelist 1
cve 1
openvas 1
wpvulndb
wpvulndb
Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS
2021-04-13 00:00:00
prion
prion
Cross site scripting
2021-05-05 19:15:00
cvelist
cvelist
CVE-2021-24259 Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS
2021-05-05 18:28:46
cve
cve
CVE-2021-24259
2021-05-05 19:15:00
openvas
openvas
WordPress Elementor Addon Elements Plugin < 1.11.2 XSS Vulnerability
2023-08-18 00:00:00

0.001 Low

EPSS

Percentile

18.6%

JSON
Related for OPENVAS:1361412562310126450
wpvulndb1prion1cvelist1cve1openvas1