An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler it is possible to extract arbitrary heap data relative to the start of the text including pointers and sensitive strings. The fixed versions are 3.0.7 3.1.5 3.2.4 and 3.3.1.

...

WordPress Elements kit Elementor addons Plugin <= 3.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1238 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 8734102af007 Credits wesley wcraft Requir...