CVE-2024-47628
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-47628 is a Cross-site Scripting (XSS) vulnerability affecting the LA-Studio Element Kit for Elementor, specifically versions up to 1.3.9.3. This vulnerability allows for Stored XSS attacks, which can lead to unauthorized actions being performed on behalf of users who interact with the affected web pages. The severity of this issue is rated as medium, with an exploitability score of 2.3, requiring low privileges and user interaction for successful exploitation. Organizations using this plugin should remediate the issue by updating to a patched version as recommended in security advisories. If left unaddressed, this vulnerability poses potential risks to the confidentiality and integrity of user data within affected systems.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.