PT-2024-39278 · Livemesh · Elementor Addons

🗓️ 25 Sep 2024 00:00:00Reported by Positive TechnologiesType

Stored cross site scripting in piechart settings for Livemesh Elementor Addons up to version 8.5; requires Contributor or higher.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-8858	25 Sep 202414:19	–	circl
CNNVD	WordPress plugin Elementor Addons by Livemesh 跨站脚本漏洞	25 Sep 202400:00	–	cnnvd
CVE	CVE-2024-8858	25 Sep 202410:59	–	cve
Cvelist	CVE-2024-8858 Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter	25 Sep 202410:59	–	cvelist
EUVD	EUVD-2024-49437	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8858	25 Sep 202411:15	–	nvd
Patchstack	WordPress Elementor Addons by Livemesh plugin <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter vulnerability	25 Sep 202411:42	–	patchstack
Patchstack	WordPress Livemesh Addons for Elementor Plugin <= 8.5 is vulnerable to Cross Site Scripting (XSS)	25 Sep 202400:00	–	patchstack
RedhatCVE	CVE-2024-8858	23 May 202507:19	–	redhatcve
Vulnrichment	CVE-2024-8858 Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter	25 Sep 202410:59	–	vulnrichment

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3153346
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-8858
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/d3c2e5fe-cc02-479e-9f33-e1a783088596
twitter	www.twitter.com/VulmonFeeds/status/1838924598768750795
twitter	www.twitter.com/CVEnew/status/1838899950597316641
wordpress	www.wordpress.org/plugins/addons-for-elementor/
t	www.t.me/cvenotify/96854
t	www.t.me/cvedetector/6308
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
plugins	www.plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/piecharts/loop.php

02 Oct 2024 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.4 - 6.4

EPSS0.00255

SSVC