CVE-2024-13547

CVSS 3.1 Score 6.4 of 10 (medium)

Attack Complexity low

Scope changed

Confidentiality low

Integrity low

Privileges Required low

Availability none

Details

Published Feb 1, 2025

CWE ID 79

Summary

CVE-2024-13547 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the aThemes Addons for Elementor plugin for WordPress. This issue, present in all versions up to 1.0.12, allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts. The vulnerability arises from insufficient input sanitization and output escaping in the Image Accordion widget, which results in the execution of injected scripts whenever a user accesses an affected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2pJgpE
https://www.cve.org/CVERecord?id=CVE-2024-13547
https://nvd.nist.gov/vuln/detail/CVE-2024-13547

Back to Vulnerability Database

CVE-2024-13547

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations