Lucene search

[email protected]CVE-2024-29792

HistoryMar 27, 2024 - 1:15 p.m.

CVE-2024-29792

2024-03-2713:15:50

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-29792

cross-site scripting

web page generation

reflected xss

unlimited elements for elementor

widgets

addons

templates

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93.

Affected configurations

Vulners

Node

unlimited_elementsunlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)Range≤1.5.93

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "unlimited-elements-for-elementor",
    "product": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)",
    "vendor": "Unlimited Elements",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.94",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.93",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-93-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve