← Back to CVE List

CVE-2024-4624

Published: 2024-05-14T16:17Z
Last Modified: 2025-01-15T18:00Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt