CVE-2024-13699
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-13699 is a Stored Cross-Site Scripting (XSS) vulnerability in the Qi Addons For Elementor plugin for WordPress. It affects all versions up to and including 1.8.7 and is caused by insufficient input sanitization and output escaping of the ‘cursor’ parameter. Authenticated attackers with Contributor-level access or higher can use it to inject arbitrary web scripts into pages. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7, but these patches may not completely address the issue. Users should therefore upgrade to the latest version of the plugin and implement additional security measures to mitigate the risk of XSS attacks.