CVE-2024-1398

Summary

CVE-2024-1398 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Ultimate Bootstrap Elements for Elementor plugin for WordPress. This issue allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts into the 'heading_title_tag' and 'heading_sub_title_tag' parameters. The vulnerability, present in all versions up to and including 1.3.6, results in the malicious scripts being executed whenever a user accesses an injected page. The cause of this issue is insufficient input sanitization and output escaping, posing a significant risk to WordPress sites using this plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.