CVE-2024-13354

Medium CVSS: 6.4

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Cyberchimps

Product

Responsive Addons

CWE

CWE-79

Yayın Tarihi

2025-01-24 11:15:08

Güncelleme

2025-02-05 01:36:55

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Responsive Addons MEDIUM Cyberchimps 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226779%40responsive-addons-for-elementor&new=3226779%40responsive-addons-for-elementor&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c46d71fb-ccf1-4cbe-8088-edb7fba225e9?source=cve

Benzer Kayıtlar

Medium

CVE-2025-54050

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Respon…

Medium

CVE-2025-2225

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulne…

Medium

CVE-2025-2228

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulne…

High

CVE-2024-13353

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulne…

Medium

CVE-2024-13834

The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordP…

Medium

CVE-2025-22697

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Respon…