AI description
CVE-2024-8440 is a stored cross-site scripting (XSS) vulnerability found in the Essential Addons for Elementor WordPress plugin. The vulnerability affects versions up to and including 6.0.3. It exists within the Fancy Text widget due to insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages. These malicious scripts execute in users' browsers when they access the compromised pages. Updating to version 6.0.4 or later of the Essential Addons for Elementor plugin resolves this vulnerability.
- Description
- The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Analyzed
- Products
- essential_addons_for_elementor
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
CVE-2024-8440这个能够直接提权的漏洞外,sandboxescaper还公布了两个越权删除任意文件的EXP(CVE-2014-8584)和一个越权读取任意文件的EXP。12月份公布的后两个漏洞虽然也是Windows中的逻辑问题,但是与RPC无关。 技术联系
@Ii6Roun7
31 Aug 2025
2595 Impressions
0 Retweets
44 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8440这个能够直接提权的漏洞外,sandboxescaper还公布了两个越权删除任意文件的EXP(CVE-2014-8584)和一个越权读取任意文件的EXP。 12月份公布的后两个漏洞虽然也是Windows中的逻辑问题,但是与RPC无关。 https://t.co
@JoiR666
29 Aug 2025
2401 Impressions
0 Retweets
65 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "CC2BF72D-F094-4146-AAC4-D7ED8BE0D3B8",
"versionEndExcluding": "6.0.4"
}
],
"operator": "OR"
}
]
}
]