CVE-2024-8742

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8742 is a stored cross-site scripting vulnerability in the Essential Addons for Elementor plugin for WordPress, affecting all versions up to 6.0.3. Insufficient input sanitization and output escaping in the Filterable Gallery widget allow authenticated attackers with contributor-level access or higher to inject arbitrary scripts that execute when a user accesses the affected pages. The vulnerability is rated medium severity, with a base score of 6.4 and an exploitability score of 3.1, indicating that low privileges are required for exploitation and no user interaction is necessary. To remediate this issue, users should update the plugin to a version beyond 6.0.3, where this vulnerability has been addressed. Organizations using this plugin should be aware of the risks associated with stored cross-site scripting attacks, particularly regarding data integrity and user security.
