CVE-2024-52425

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 18, 2024
Updated: Nov 20, 2024
CWE ID 79

Summary

CVE-2024-52425 is a newly identified Cross-site Scripting (XSS) vulnerability affecting the Drozd – Addons for Elementor plugin. This issue, classified as Improper Neutralization of Input During Web Page Generation, allows attackers to inject malicious scripts into web pages generated by the plugin. These stored XSS scripts can be executed when a user visits a specially crafted webpage, potentially leading to unauthorized access, data theft, or other malicious activities. The vulnerability affects Drozd – Addons for Elementor versions from n/a through 1.1.1. Users are strongly advised to update the plugin as soon as a patch is available to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share