CVE-2024-10310
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-10310 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Elementor Addons plugin for WordPress. Specifically, the Header Footer, Template Library, Dynamic Grid & Carousel, and Remote Arrows components are at risk. This issue arises due to insufficient input sanitization and output escaping in the Custom Gallery Widget's 'image_title' parameter. Authenticated attackers with Contributor-level access and above can exploit this flaw to inject arbitrary web scripts. These scripts will execute whenever a user accesses an injected page, posing a significant security threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.