Lucene search

PatchstackCVE-2024-39649

HistoryAug 01, 2024 - 10:15 p.m.

CVE-2024-39649

2024-08-0122:15:26

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024

xss

web page generation

wpdeveloper

stored xss

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.4%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26.

Affected configurations

Vulners

Node

wpdeveloperessential_addons_for_elementorRange≤5.9.26

VendorProductVersionCPE
wpdeveloperessential_addons_for_elementor*cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpdeveloper	essential_addons_for_elementor	*	cpe:2.3:a:wpdeveloper:essential_addons_for_elementor::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "essential-addons-for-elementor-lite",
    "product": "Essential Addons for Elementor",
    "vendor": "WPDeveloper",
    "versions": [
      {
        "changes": [
          {
            "at": "5.9.27",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.9.26",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-9-26-cross-site-scripting-xss-vulnerability?_s_id=cve