3 matches found
WordPress DethemeKit For Elementor Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software DethemeKit For Elementor Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9962695def1c Credits stealthcopter...
CVE-2024-4374
CVE-2024-4374 affects the DethemeKit For Elementor WordPress plugin. A Stored XSS exists in widget attributes due to insufficient input sanitization and output escaping, enabling an authenticated attacker with contributor-level access or higher to inject scripts that run when users load injected ...
CVE-2024-4374 DethemeKit For Elementor <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...