CVSS 3.1 Score 6.4 of 10 (medium)


Published May 25, 2024
Updated: May 28, 2024


CVE-2024-5229 is a vulnerability found in the Primary Addon for Elementor plugin for WordPress, affecting all versions up to and including 1.5.5. The vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts through the plugin's Pricing Table widget, leading to Stored Cross-Site Scripting (XSS). This means that whenever a user accesses a page with injected scripts, they will be executed. The risk score is 30, indicating a medium severity level. The exploitability score is 3.1 out of 10, and the base score is 6.4 out of 10. The privileges required for exploitation are low, and no user interaction is needed. The attack vector is through the network, with low impact on integrity and confidentiality but no impact on availability. Remediation for this vulnerability would involve updating the Primary Addon for Elementor plugin to a version beyond 1.5.5 to mitigate the risk it poses to organizations using WordPress with this plugin installed. (Note: This summary was created based on information given in the provided text.)


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-5229 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options