CVE-2024-1234

Published Mar 13, 2024

Last updated 3 months ago

Overview

Description
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source
security@wordfence.com
NVD status
Modified
Products
exclusive_addons_for_elementor

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79
nvd@nist.gov
CWE-79

Social media

Hype score
Not currently trending
  1. Your scanner says CVE-2024-1234 is closed. Your auditor asks: "Prove it" A ticket status or screenshot isn't evidence or verification. We re-scan the asset and shows the control gap closed, verifiable proof. Book a demo → https://t.co/qJIP8t5HtA #CyberSecurity #CISO https://t.c

    @scanninjaai

    3 Jul 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔴 (Hypothetical Library Name), Code Injection, #CVE-2024-1234 (Critical) https://t.co/JYxVbntiui

    @dailycve

    10 Mar 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Unmasking the Latest MOVEit Transfer Zero-Day: A Deep Dive into the #CVE-2024-1234 SQLi Exploit and #Digital Forensics + Video https://t.co/45xxVDM4Az Educational Purposes!

    @UndercodeUpdate

    7 Mar 2026

    82 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. Byte is sweeping the network with her blacklight nose! 🕵️‍♀️🔦 CVE-2024-1234? Detected. Missing patches? Flagged. She sniffs out weaknesses before the bad guys even wake up. #VulnerabilityManagement #InfoSec @DataHaven_xyz

    @ManishVermalion

    24 Feb 2026

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-20805 3 - CVE-2024-3094 4 - CVE-2024-1234 5 - CVE-2010-5139 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Feb 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Clawdbot, Command Injection Vulnerability, #CVE-2024-1234 (Critical) https://t.co/N26MMNHf4u

    @ExWareLabs

    3 Feb 2026

    850 Impressions

    2 Retweets

    8 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  7. 🔴 Clawdbot, Command Injection Vulnerability, #CVE-2024-1234 (Critical) https://t.co/WJ1xChD0Rz

    @dailycve

    3 Feb 2026

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 Hono, #IP Validation Bypass, #CVE-2024-1234 (Critical) https://t.co/qdcfHwU4Jp

    @dailycve

    27 Jan 2026

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. hot take: your security scanner shouldn't "think." it should find cve-2024-1234 or it shouldn't. it should detect leaked aws keys or it shouldn't. no confidence scores. no maybes. just deterministic, reproducible findings. that's why we built aurasecurity.

    @aiaurasecurity

    22 Jan 2026

    591 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. KageNoNeko APT40 Заражение: фишинг (CVE-2024-1234), DLL Side-Loading. C2: https://t.co/0q5hXurBZS. Фичи: ключлоггер, ChaCha20, EternalBlue. Анти-анализ: VMProtect, ключ NekoShadow2025. YARA/IOCs в DM Блокируйте 45.67.89

    @no_kutu

    2 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. 🟠 n8n, Improper Authorization, #CVE-2024-1234 (Medium) https://t.co/fcIBj8ZrIW

    @dailycve

    5 Jul 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🔴 eKuiper, Path Traversal to RCE, #CVE-2024-1234 (Critical) https://t.co/gVbxU42CT9

    @dailycve

    3 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🔴 SurrealDB, SurrealQL Injection, #CVE-2024-1234 (Critical) https://t.co/JVJvbm3zDo

    @dailycve

    11 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🟠 Miniflux, Cross-Site Scripting (XSS), #CVE-2024-1234 (Medium) https://t.co/bwdPmZA8Gf

    @dailycve

    4 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations