2 matches found
CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Royal Elementor Addons Plugin <= 1.3.976 is vulnerable to Cross Site Scripting (XSS)
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.976 Fixed in 1.3.977 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4489 Patch priority Low CVSS severity Low 6.5 Developer WProyal PSID bfd32dc437a7 Credits wesley wcraft Require...