CVE-2024-9068
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9068 identifies a Stored Cross-Site Scripting vulnerability in the OneElements – Best Elementor Addons plugin for WordPress, affecting all versions up to and including 1.3.7. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject arbitrary scripts that execute when users access SVG files. The risk level is assessed as medium (CVSS score of 6.4), with the potential for low impact on confidentiality and integrity. To remediate this vulnerability, users should update the plugin to a version beyond 1.3.7 to ensure proper sanitization measures are in place. Failure to address this issue could lead to unauthorized script execution on affected websites, posing significant security risks to users and data integrity.