CVE-2024-5229

CVSS 3.1 Score 6.4 of 10 (medium)

Attack Complexity low
Scope changed
Confidentiality low
Integrity low
Privileges Required low
Availability none

Details

Published May 25, 2024
Updated: Jul 3, 2024
CWE ID 79

Summary

CVE-2024-5229 is a stored cross-site scripting vulnerability affecting the Primary Addon for Elementor plugin for WordPress. This issue, impacting versions up to 1.5.5, stems from insufficient input sanitization and output escaping on user-supplied attributes in the Pricing Table widget. Consequently, authenticated attackers with contributor-level access and above can inject malicious web scripts, which execute when a user visits an injected page.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share