CVE-2024-0367
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-0367 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Unlimited Elements For Elementor plugin for WordPress. This issue, present in all versions up to 1.5.96, allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts. The vulnerability is due to insufficient input sanitization and output escaping on user-supplied attributes in an installed widget's link field, such as the 'Button Link'. As a result, any injected page containing the malicious script will execute whenever an unsuspecting user accesses it.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.