wpvulndb WPVDB-ID:427AF876-F60C-4219-B5DE-1C72B41C0136
History: Jan 20, 2024 - 12:00 a.m.

Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting

2024-01-20 00:00:00
wpscan.com
stored cross-site scripting
elementor
contributor+
input sanitization
output escaping
custom login url
authenticated attackers

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.2%)

Description

The plugin is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPE | Name | Operator | Version
- | - | eq | 5.9.5
