CVE-2024-3309 – The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site …

27 April 2024

Vuln ID: CVE-2024-3309

Published: 2024-04-27 10:15:07.307

Description: The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget’s attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Base Score: 6.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

27 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Zscaler swats claims of a significant breach9 May 2024
OpenAI unveils ‘Model Spec’: A framework for shaping responsible AI9 May 2024
Quishing Campaign Exploits Microsoft Open Redirect Vulnerability9 May 2024
Threat Actors Accessed Cancer patients’ Data left Open by Testing Lab9 May 2024
Latest NICE Framework Update Offers Improvements for the Cybersecurity Workforce9 May 2024