Lucene search

PatchstackCVE-2024-30422

HistoryMar 28, 2024 - 9:15 a.m.

CVE-2024-30422

2024-03-2809:15:08

CWE-79

Patchstack

web.nvd.nist.gov

cross-site scripting

wpvibes

elementor addon elements

vulnerability

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1.

Affected configurations

Vulners

Node

wpvibeselementor_addon_elementsRange≤1.13.1wordpress

VendorProductVersionCPE
wpvibeselementor_addon_elements*cpe:2.3:a:wpvibes:elementor_addon_elements:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpvibes	elementor_addon_elements	*	cpe:2.3:a:wpvibes:elementor_addon_elements::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "addon-elements-for-elementor-page-builder",
    "product": "Elementor Addon Elements",
    "vendor": "WPVibes",
    "versions": [
      {
        "changes": [
          {
            "at": "1.13.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.13.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve