Lucene search

K
patchstackNgô Thiên An (ancorn_)PATCHSTACK:43F36D8174E457FFC6A70F355492C1A6
HistoryAug 09, 2024 - 12:00 a.m.

WordPress Element Pack Elementor Addons Plugin <= 5.7.6 is vulnerable to Cross Site Scripting (XSS)

2024-08-0900:00:00
Ngô Thiên An (ancorn_)
patchstack.com
wordpress
element pack
elementor addons
plugin
cross-site scripting
vulnerable
version 5.7.6
fixed
owasp top 10
a7
cve-2024-4360
patch
low priority
cvss severity
developer
psid
credits
ngô thiên an
required privilege
contributor
published
9 august 2024
solution

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

Software

Element Pack Elementor Addons

Type

Plugin

Vulnerable versions

<= 5.7.6

Fixed in

5.7.7

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Classification

Cross Site Scripting (XSS)

CVE

CVE-2024-4360

Patch priority

Low

CVSS severity

Low (6.5)

Developer

Claim ownership

PSID

b1a260751a26

Credits

Ngô Thiên An (ancorn_)

Required privilege

Contributor

Published

9 August, 2024

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
bdthemeselement_packRange5.7.6litewordpress
VendorProductVersionCPE
bdthemeselement_pack*cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

Related for PATCHSTACK:43F36D8174E457FFC6A70F355492C1A6