CVE-2024-47628

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 5, 2024
CWE ID 79

Summary

CVE-2024-47628 is a Cross-site Scripting (XSS) vulnerability affecting the LA-Studio Element Kit for Elementor, specifically versions up to 1.3.9.3. This vulnerability allows for Stored XSS attacks, which can lead to unauthorized actions being performed on behalf of users who interact with the affected web pages. The severity of this issue is rated as medium, with an exploitability score of 2.3, requiring low privileges and user interaction for successful exploitation. Organizations using this plugin should remediate the issue by updating to a patched version as recommended in security advisories. If left unaddressed, this vulnerability poses potential risks to the confidentiality and integrity of user data within affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share