CVE-2024-10493

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 28, 2024
Updated: Nov 29, 2024
CWE ID 79

Summary

CVE-2024-10493 is a vulnerability affecting the Elementor Addons plugin for WordPress. Before version 5.10.3, the plugin failed to validate and escape certain block options, making them susceptible to Stored Cross-Site Scripting attacks. Contributors and users with higher roles could potentially inject malicious scripts into pages or posts by exploiting this flaw. This issue poses a serious security risk, as unintended code execution could lead to data theft, unauthorized access, and other malicious activities. To mitigate this risk, it is highly recommended that users update the Elementor Addons plugin to the latest version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share