3 matches found
CVE-2024-1464
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1464 Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1464
Elementor Addons by Livemesh (WordPress) has CVE-2024-1464: Stored XSS via the style attribute in the Posts Slider widget, affecting all versions up to 8.3.4 due to insufficient input sanitization/output escaping. Impact: authenticated users with contributor+ privileges can inject scripts that ru...