2 matches found
WordPress Livemesh Addons for Elementor Plugin <= 8.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.3.6 Fixed in 8.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2539 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 9c3c1e135bc7 Credits Ngô Thiên ...
CVE-2024-2539
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget 'id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...