Lucene search
WpvulndbWPVDB-ID:BF5C24CA-B240-492C-93CD-CAD96D63DAAAHistoryFeb 15, 2024 - 12:00 a.m.
Happy Addons for Elementor < 3.10.2 - Contributor+ Stored Cross-Site Scripting
2024-02-1500:00:00
wpscan.com
3
happy addons
elementor
contributor role
stored xss
age gate
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Description The does not properly sanitize the side image URL parameter in the Age Gate, allowing users with at least thhe contributor role to conduct Stored XSS attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 3.10.2 |
Related
prion
prion
Cross site scripting
2024-02-29 01:43:00
cve
cve
CVE-2024-0838
2024-02-29 01:43:29
nvd
nvd
CVE-2024-0838
2024-02-29 01:43:29
cvelist
cvelist
CVE-2024-0838
2024-02-20 18:56:48
wordfence
wordfence
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for WPVDB-ID:BF5C24CA-B240-492C-93CD-CAD96D63DAAA