2 matches found
CVE-2024-2249
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. Th...
CVE-2024-2249
CVE-2024-2249: LA-Studio Element Kit for Elementor on WordPress is susceptible to Stored Cross-Site Scripting via the LinkWrapper attribute in several widgets, up to and including version 1.3.7.4. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Impact:...