CVE-2024-32505

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 17, 2024

CWE ID 79

Summary

CVE-2024-32505 is a Cross-Site Scripting (XSS) vulnerability affecting versions 3.0.6 and earlier of the Elements kit Elementor addons. Hackers can exploit this improper input neutralization issue during web page generation to inject malicious scripts and potentially gain unauthorized access to user sessions or steal sensitive data. This stored XSS vulnerability poses a significant risk to WordPress websites utilizing these addons. Users are strongly advised to update to the latest version or consider alternative plugins to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vaGf75
https://www.cve.org/CVERecord?id=CVE-2024-32505
https://nvd.nist.gov/vuln/detail/CVE-2024-32505

Back to Vulnerability Database

CVE-2024-32505

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations