CVE-2024-1242

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 29, 2024

Updated: Jan 8, 2025

CWE ID 79

Summary

CVE-2024-1242 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Premium Addons for Elementor plugin for WordPress. This issue, which exists up to version 4.10.18, permits authenticated attackers with contributor access or higher to inject malicious scripts via the button onclick attribute. These scripts will execute when an unsuspecting user accesses an injected page, potentially leading to data theft, unauthorized account takeover, or other malicious activities. This vulnerability stems from insufficient input sanitization and output escaping.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1dK666
https://www.cve.org/CVERecord?id=CVE-2024-1242
https://nvd.nist.gov/vuln/detail/CVE-2024-1242

Back to Vulnerability Database

CVE-2024-1242

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations