CVE-2024-34563

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published May 8, 2024

CWE ID 79

Summary

CVE-2024-34563 is a Cross-site Scripting (XSS) vulnerability affecting Gold Addons for Elementor, a popular WordPress plugin. The flaw, labeled as Stored XSS, resides in the plugin's web page generation process. An attacker can exploit this vulnerability by injecting malicious scripts into specially crafted inputs, potentially gaining unauthorized access to user sessions or stealing sensitive data. This issue puts sites using Gold Addons for Elementor versions from n/a through 1.2.9 at risk. Updating to the latest, patched version is highly recommended to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vzE29S
https://www.cve.org/CVERecord?id=CVE-2024-34563
https://nvd.nist.gov/vuln/detail/CVE-2024-34563

Back to Vulnerability Database

CVE-2024-34563

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations