WORDPRESS
07-06-2025 09:20
CVE-2024-9994 Documented vulnerability
No score
Description
The Essential Addons for Elementor – Best Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.0.7/includes/Elements/Pricing_Table.php#L2164
https://www.wordfence.com/threat-intel/vulnerabilities/id/855ae993-d887-4416-9b3c-8274a90dce5f?source=cve