CVE-2024-1536
CVSS 3.1 Score 7.4 of 10 (high)
Details
Summary
CVE-2024-1536: A critical vulnerability affects the Essential Addons for Elementor plugin for WordPress. The issue, which exists in the event calendar widget, allows authenticated attackers with contributor-level access and above to inject malicious scripts due to insufficient input sanitization and output escaping on user-supplied attributes. Successful exploitation results in the execution of arbitrary web scripts whenever an injected page is accessed. Versions up to and including 5.9.9 are affected. Users are urged to update to the latest version to mitigate this Stored Cross-Site Scripting (XSS) vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- WPDeveloper