CVE-2024-2491
PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag*
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
12Exploited in Wild
-Decision
Descriptions
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
El complemento PowerPack Addons for Elementor de WordPress es vulnerable a cross-site scripting almacenado a través del atributo *_html_tag* de múltiples widgets en todas las versiones hasta la 2.7.17 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-15 CVE Reserved
- 2024-03-29 CVE Published
- 2024-03-31 EPSS Updated
- 2024-05-30 First Exploit
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (14)
URL | Date | SRC |
---|---|---|
https://github.com/RevoltSecurities/CVE-2024-24919 | 2024-06-05 | |
https://github.com/GoatSecurity/CVE-2024-24919 | 2024-05-31 | |
https://github.com/LucasKatashi/CVE-2024-24919 | 2024-05-30 | |
https://github.com/emanueldosreis/CVE-2024-24919 | 2024-05-30 | |
https://github.com/Rug4lo/CVE-2024-24919-Exploit | 2024-06-03 | |
https://github.com/zam89/CVE-2024-24919 | 2024-05-31 | |
https://github.com/GlobalsecureAcademy/CVE-2024-24919 | 2024-05-31 | |
https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN | 2024-06-01 | |
https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit | 2024-06-02 | |
https://github.com/nullcult/CVE-2024-24919-Exploit | 2024-06-07 | |
https://github.com/starlox0/CVE-2024-24919-POC | 2024-06-06 | |
https://github.com/un9nplayer/CVE-2024-24919 | 2024-06-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ideaboxcreations Search vendor "Ideaboxcreations" | PowerPack Addons For Elementor (Free Widgets, Extensions And Templates) Search vendor "Ideaboxcreations" for product "PowerPack Addons For Elementor (Free Widgets, Extensions And Templates)" | <= 2.7.17 Search vendor "Ideaboxcreations" for product "PowerPack Addons For Elementor (Free Widgets, Extensions And Templates)" and version " <= 2.7.17" | en |
Affected
|