4 matches found
CVE-2024-2348
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-2348
Gum Elementor Addon for WordPress ≤ 1.3.2 is vulnerable to Stored Cross-Site Scripting via the Post Meta widget due to insufficient input sanitization/output escaping. Exploitation requires authenticated access (subscriber or higher). A fixed version, 1.3.3, is available; updating to >1.3.2 is...
CVE-2024-2348 Gum Elementor Addon <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acce...
WordPress Gum Elementor Addon Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Gum Elementor Addon Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2348 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 24199562026b Credits Francesco Carlucci...