CVE-2024-0838

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 29, 2024

Updated: Dec 27, 2024

CWE ID 79

Summary

CVE-2024-0838 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Happy Addons for Elementor plugin for WordPress. This issue, present in all versions up to 3.10.1, stems from insufficient input sanitization and output escaping in the Age Gate feature. Attackers with contributor access or higher can exploit this flaw by injecting malicious web scripts into image URL parameters. These scripts will execute whenever a user visits a compromised page, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQfteP
https://www.cve.org/CVERecord?id=CVE-2024-0838
https://nvd.nist.gov/vuln/detail/CVE-2024-0838

Back to Vulnerability Database

CVE-2024-0838

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations