Lucene search

K
prionPRIOn knowledge basePRION:CVE-2024-1680
HistoryMar 13, 2024 - 4:15 p.m.

Cross site scripting

2024-03-1316:15:00
PRIOn knowledge base
www.prio-n.com
5
cross site scripting
wordpress
vulnerability
authenticated attackers
input sanitization
output escaping
web scripts

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%