Lucene search
WpvulndbWPVDB-ID:49240593-FB6A-4D8C-A369-C4606CD9EE24HistoryFeb 12, 2024 - 12:00 a.m.
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Filterable Gallery
2024-02-1200:00:00
wpscan.com
4
stored cross-site scripting
filterable gallery
elementor templates
widgets
woocommerce builders
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.9.9 |
Related
cvelist
cvelist
CVE-2024-1171
2024-02-20 18:56:51
nvd
nvd
CVE-2024-1171
2024-02-29 01:43:41
cve
cve
CVE-2024-1171
2024-02-29 01:43:41
prion
prion
Cross site scripting
2024-02-29 01:43:00
wordfence
wordfence
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:49240593-FB6A-4D8C-A369-C4606CD9EE24