2 matches found
WordPress Livemesh Addons for Elementor Plugin <= 8.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.3.6 Fixed in 8.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2655 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 21ff8c74e1bd Credits...
CVE-2024-2655 Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated...