CVE-2024-4265

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published May 2, 2024

CWE ID 311

CWE ID 200

Summary

CVE-2024-4265 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress. This issue, existing in versions up to and including 2.0.5.9, allows authenticated attackers with contributor-level permissions or higher to inject malicious scripts via the 'url' parameter with insufficient input sanitization and output escaping. Successful exploitation results in the execution of arbitrary web scripts whenever a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xheRSr
https://www.cve.org/CVERecord?id=CVE-2024-4265
https://nvd.nist.gov/vuln/detail/CVE-2024-4265

Back to Vulnerability Database

CVE-2024-4265

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations