CVE-2024-2250

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Mar 29, 2024

Summary

CVE-2024-2250 is a stored cross-site scripting (XSS) vulnerability affecting the "130+ Widgets | Best Addons For Elementor" plugin for WordPress. The flaw, present in all versions up to 1.4.2, stems from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's widgets. This weakness allows authenticated attackers with contributor-level access or higher to inject malicious scripts that will execute whenever a user visits an injected page. This poses a significant risk, as the vulnerable pages may be accessed by multiple users, potentially leading to widespread code injection.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uyzL33
https://www.cve.org/CVERecord?id=CVE-2024-2250
https://nvd.nist.gov/vuln/detail/CVE-2024-2250

Back to Vulnerability Database

CVE-2024-2250

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations