The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
History

Fri, 29 Nov 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Element Pack Elementor Addons Wordpress; Element Pack Elementor Addons Wordpress element Pack Elementor Addons Wordpress |
| CPEs | | cpe:2.3:a:element_pack_elementor_addons_wordpress:element_pack_elementor_addons_wordpress:*:*:*:*:*:*:*:* |
| Vendors & Products | | Element Pack Elementor Addons Wordpress; Element Pack Elementor Addons Wordpress element Pack Elementor Addons Wordpress |
| Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}; ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 29 Nov 2024 06:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
| Title | | Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS |
| References | | |

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-11-29T06:00:07.501Z

Updated: 2024-11-29T14:54:11.431Z

Reserved: 2024-11-07T19:41:08.267Z

Link: CVE-2024-10980

Vulnrichment

Updated: 2024-11-29T14:45:52.564Z

NVD

Status: Awaiting Analysis

Published: 2024-11-29T06:15:06.633

Modified: 2024-11-29T15:15:15.903

Link: CVE-2024-10980

Redhat

No data.