CVE-2024-2131

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Mar 23, 2024

Updated: Mar 25, 2024

CWE ID 20

Summary

CVE-2024-2131 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Move Addons for Elementor plugin for WordPress. The issue lies in the infobox and button widget, which fail to properly sanitize and escape user-supplied attributes. This flaw enables authenticated attackers with contributor-level access or higher to inject malicious scripts. These scripts are executed whenever a user visits an injected page, posing a serious security risk. All versions of the plugin up to and including 1.2.9 are impacted.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft .NET Framework
Microsoft Visual Studio 2022

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uFeCu5
https://www.cve.org/CVERecord?id=CVE-2024-2131
https://nvd.nist.gov/vuln/detail/CVE-2024-2131

Back to Vulnerability Database