3 matches found
CVE-2024-5152
CVE-2024-5152 affects the ElementsReady Addons for Elementor plugin (WordPress). It is a Stored Cross-Site Scripting via the _id parameter in all versions up to 6.1.0. Exploitation requires Contributor+ access and can cause scripts to run on pages viewed by users. No remediation details are provi...
CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress ElementsReady Addons for Elementor Plugin <= 6.1.0 is vulnerable to Cross Site Scripting (XSS)
Software ElementsReady Addons for Elementor Type Plugin Vulnerable versions = 6.1.0 Fixed in 6.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5152 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c9f24d2728a0 Credits...