CVE-2024-3598 – The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via …

19 April 2024

Vuln ID: CVE-2024-3598

Published: 2024-04-19 02:15:11.083

Description: The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Base Score: 6.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

19 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Patch up – 4 critical bugs in ArubaOS lead to remote code execution2 May 2024
Menlo Security inks cybersecurity partnership with Google Cloud2 May 2024
4 IoT Trends U.K. Businesses Should Watch in 20242 May 2024
Dealing with the Double-Edged Swords of MFA and Zero Trust2 May 2024
Continuous threat exposure management (CTEM): What it is and how to achieve it2 May 2024