CVE-2024-8236
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Nov 26, 2024
CWE ID 79
Summary
CVE-2024-8236 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Elementor Website Builder plugin for WordPress. The issue lies in the Icon widget's 'url' parameter, which lacks proper input sanitization and output escaping. This weakness allows authenticated attackers, with Contributor-level access or higher, to inject malicious scripts into pages. These scripts will execute whenever a user visits an injected page. Versions of the plugin up to and including 3.25.7 are susceptible to this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share