CVE-2024-9068

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9068 identifies a Stored Cross-Site Scripting vulnerability in the OneElements – Best Elementor Addons plugin for WordPress, affecting all versions up to and including 1.3.7. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject arbitrary scripts that execute when users access SVG files. The risk level is assessed as medium (CVSS score of 6.4), with the potential for low impact on confidentiality and integrity. To remediate this vulnerability, users should update the plugin to a version beyond 1.3.7 to ensure proper sanitization measures are in place. Failure to address this issue could lead to unauthorized script execution on affected websites, posing significant security risks to users and data integrity.
