CVE-2024-1500

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Mar 7, 2024

Updated: Jan 8, 2025

CWE ID 79

Summary

CVE-2024-1500 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Royal Elementor Addons and Templates plugin for WordPress. The weakness lies in the Logo Widget's insufficient input sanitization and output escaping of user-supplied URLs. This defect allows authenticated attackers with contributor-level access or higher to inject malicious web scripts. These scripts execute whenever an unsuspecting user visits an injected page, potentially leading to data theft, site defacement, or other malicious activities. Versions of the plugin up to and including 1.3.91 are susceptible to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhKefW
https://www.cve.org/CVERecord?id=CVE-2024-1500
https://nvd.nist.gov/vuln/detail/CVE-2024-1500

Back to Vulnerability Database

CVE-2024-1500

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations