3 matches found
CVE-2024-10308
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10308
creationtimestamp| type| source ---|---|--- 2024-11-26 11:12:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113548955787239825...
WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)
Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7709d157b72c Credits zer0gh0st Required...