2 matches found
CVE-2024-0334 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-0334
CVE-2024-0334 affects Jeg Elementor Kit (WordPress). The vulnerability is Stored XSS via the Elementor Widget URL Custom Attributes due to insufficient input sanitization/output escaping on user-supplied attributes; exploitable by authenticated Contributors+ to inject scripts that run when a user...