CVE-2024-5229

Summary

CVE-2024-5229 is a vulnerability found in the Primary Addon for Elementor plugin for WordPress, affecting all versions up to and including 1.5.5. The vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts through the plugin's Pricing Table widget, leading to Stored Cross-Site Scripting (XSS). This means that whenever a user accesses a page with injected scripts, they will be executed. The risk score is 30, indicating a medium severity level. The exploitability score is 3.1 out of 10, and the base score is 6.4 out of 10. The privileges required for exploitation are low, and no user interaction is needed. The attack vector is through the network, with low impact on integrity and confidentiality but no impact on availability. Remediation for this vulnerability would involve updating the Primary Addon for Elementor plugin to a version beyond 1.5.5 to mitigate the risk it poses to organizations using WordPress with this plugin installed. (Note: This summary was created based on information given in the provided text.)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.