CVE-2024-10980

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 29, 2024

Summary

CVE-2024-10980 is a stored cross-site scripting (XSS) vulnerability affecting the Element Pack Elementor Addons plugin for WordPress. Specifically, the Header Footer, Template Library, Dynamic Grid, Carousel, and Remote Arrows components do not properly validate and escape certain options in the Cookie Consent block during output. This issue allows users with the Contributor role or above to inject malicious scripts into a webpage by manipulating these options, potentially leading to unintended execution of arbitrary code or redirection to malicious sites. To mitigate this risk, users are advised to update the Element Pack Elementor Addons plugin to version 5.10.3 or higher as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share