Lucene search

K
patchstackWesley (wcraft)PATCHSTACK:FD920B0E9BDE31AEC7AD927CF88B8F8E
HistoryApr 11, 2024 - 12:00 a.m.

WordPress Premium Addons for Elementor Plugin <= 4.10.24 is vulnerable to Cross Site Scripting (XSS)

2024-04-1100:00:00
wesley (wcraft)
patchstack.com
1
wordpress
premium
addons
elementor
plugin
cross site scripting
xss
vulnerable
fixed
owasp
cve
low
leapworx
contributor
security
exploit

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

Software

Premium Addons for Elementor

Type

Plugin

Vulnerable versions

<= 4.10.24

Fixed in

4.10.25

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Classification

Cross Site Scripting (XSS)

CVE

CVE-2024-2666

Patch priority

Low

CVSS severity

Low (5.4)

Developer

LeapWorx

PSID

46b32077f295

Credits

wesley (wcraft)

Required privilege

Contributor

Published

11 April, 2024

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
leap13premium_addons_for_elementorRange4.10.24wordpress
VendorProductVersionCPE
leap13premium_addons_for_elementor*cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

Related for PATCHSTACK:FD920B0E9BDE31AEC7AD927CF88B8F8E