CVE-2024-1508

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Mar 13, 2024

Summary

CVE-2024-1508 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Prime Slider – Addons For Elementor plugin for WordPress. This issue, present in all versions up to 3.13.2, arises due to insufficient input sanitization and output escaping in the 'settings['title_tags']' attribute of the Mercury widget. Authenticated attackers with contributor-level access or higher can exploit this vulnerability by injecting arbitrary web scripts. These scripts will be executed whenever a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhPVvi
https://www.cve.org/CVERecord?id=CVE-2024-1508
https://nvd.nist.gov/vuln/detail/CVE-2024-1508

Back to Vulnerability Database

CVE-2024-1508

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations