CVE-2024-8236

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 79

Summary

CVE-2024-8236 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Elementor Website Builder plugin for WordPress. The issue lies in the Icon widget's 'url' parameter, which lacks proper input sanitization and output escaping. This weakness allows authenticated attackers, with Contributor-level access or higher, to inject malicious scripts into pages. These scripts will execute whenever a user visits an injected page. Versions of the plugin up to and including 3.25.7 are susceptible to this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share