Vulnerability Identifier

CVE-2024-1235

2024-02-29

Severity Assessment

6.4

MEDIUM

CVSS v3.x Score

Clinical Analysis (Description)

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vector Sequencing

Attack Parameters

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Impact Consequences

Technical Impact

Changed

Scope

Low

Confidentiality

Low

Integrity

None

Availability

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Weakness Classification

CWE-CWE-79

View CWE Details ↗

Affected Population

Affected Configurations

Total: 101 detected entries

Software List Scrollable

addons_for_elementor

Vendor: livemeshelementor • v6.9.5

addons_for_elementor

Vendor: livemeshelementor • v6.14

addons_for_elementor

Vendor: livemeshelementor • v6.10.1

addons_for_elementor

Vendor: livemeshelementor • v7.1.9

addons_for_elementor

Vendor: livemeshelementor • v7.7.1

addons_for_elementor

Vendor: livemeshelementor • v7.1.3

addons_for_elementor

Vendor: livemeshelementor • v7.8

addons_for_elementor

Vendor: livemeshelementor • v7.9

addons_for_elementor

Vendor: livemeshelementor • v6.9.4

addons_for_elementor

Vendor: livemeshelementor • v6.15

addons_for_elementor

Vendor: livemeshelementor • v4.0.0

addons_for_elementor

Vendor: livemeshelementor • v6.2.1

addons_for_elementor

Vendor: livemeshelementor • v7.2.3

addons_for_elementor

Vendor: livemeshelementor • v4.1.1

addons_for_elementor

Vendor: livemeshelementor • v7.9.3

addons_for_elementor

Vendor: livemeshelementor • v7.2.2

addons_for_elementor

Vendor: livemeshelementor • v1.1

addons_for_elementor

Vendor: livemeshelementor • v7.7

addons_for_elementor

Vendor: livemeshelementor • v5.0

addons_for_elementor

Vendor: livemeshelementor • v1.4

addons_for_elementor

Vendor: livemeshelementor • v5.3

addons_for_elementor

Vendor: livemeshelementor • v2.7.5

addons_for_elementor

Vendor: livemeshelementor • v6.10

addons_for_elementor

Vendor: livemeshelementor • v7.9.1

addons_for_elementor

Vendor: livemeshelementor • v4.4

addons_for_elementor

Vendor: livemeshelementor • v2.9.9

addons_for_elementor

Vendor: livemeshelementor • v6.12

addons_for_elementor

Vendor: livemeshelementor • v7.1.4

addons_for_elementor

Vendor: livemeshelementor • v7.6

addons_for_elementor

Vendor: livemeshelementor • v1.5.4

addons_for_elementor

Vendor: livemeshelementor • v8.1.1

addons_for_elementor

Vendor: livemeshelementor • v7.5

addons_for_elementor

Vendor: livemeshelementor • v1.3

addons_for_elementor

Vendor: livemeshelementor • v2.9.5

addons_for_elementor

Vendor: livemeshelementor • v8.1

addons_for_elementor

Vendor: livemeshelementor • v6.9.2

addons_for_elementor

Vendor: livemeshelementor • v1.2

addons_for_elementor

Vendor: livemeshelementor • v6.0

addons_for_elementor

Vendor: livemeshelementor • v4.1.0

addons_for_elementor

Vendor: livemeshelementor • v2.8

addons_for_elementor

Vendor: livemeshelementor • v5.2

addons_for_elementor

Vendor: livemeshelementor • v4.3.1

addons_for_elementor

Vendor: livemeshelementor • v2.9.6

addons_for_elementor

Vendor: livemeshelementor • v2.7.2

addons_for_elementor

Vendor: livemeshelementor • v4.6

addons_for_elementor

Vendor: livemeshelementor • v7.1

addons_for_elementor

Vendor: livemeshelementor • v3.0.0

addons_for_elementor

Vendor: livemeshelementor • v2.5.2

addons_for_elementor

Vendor: livemeshelementor • v7.1.5

addons_for_elementor

Vendor: livemeshelementor • v6.3.1

addons_for_elementor

Vendor: livemeshelementor • v1.6

addons_for_elementor

Vendor: livemeshelementor • v8.3.2

addons_for_elementor

Vendor: livemeshelementor • v7.2.4

addons_for_elementor

Vendor: livemeshelementor • v8.0

addons_for_elementor

Vendor: livemeshelementor • v7.9.2

addons_for_elementor

Vendor: livemeshelementor • v2.7.3

addons_for_elementor

Vendor: livemeshelementor • v1.0

addons_for_elementor

Vendor: livemeshelementor • v6.1

addons_for_elementor

Vendor: livemeshelementor • v6.10.2

addons_for_elementor

Vendor: livemeshelementor • v7.01

addons_for_elementor

Vendor: livemeshelementor • v6.16

addons_for_elementor

Vendor: livemeshelementor • v7.3

addons_for_elementor

Vendor: livemeshelementor • v1.5

addons_for_elementor

Vendor: livemeshelementor • v8.3

addons_for_elementor

Vendor: livemeshelementor • v6.11

addons_for_elementor

Vendor: livemeshelementor • v4.2

addons_for_elementor

Vendor: livemeshelementor • v8.2.1

addons_for_elementor

Vendor: livemeshelementor • v6.9

addons_for_elementor

Vendor: livemeshelementor • v2.7

addons_for_elementor

Vendor: livemeshelementor • v2.6

addons_for_elementor

Vendor: livemeshelementor • v2.9.7

addons_for_elementor

Vendor: livemeshelementor • v2.1

addons_for_elementor

Vendor: livemeshelementor • v6.7

addons_for_elementor

Vendor: livemeshelementor • v7.1.7

addons_for_elementor

Vendor: livemeshelementor • v1.2.1

addons_for_elementor

Vendor: livemeshelementor • v7.2.0

addons_for_elementor

Vendor: livemeshelementor • v7.1.1

addons_for_elementor

Vendor: livemeshelementor • v6.6

addons_for_elementor

Vendor: livemeshelementor • v7.1.2

addons_for_elementor

Vendor: livemeshelementor • v2.6.2

addons_for_elementor

Vendor: livemeshelementor • v6.13

addons_for_elementor

Vendor: livemeshelementor • v6.8

addons_for_elementor

Vendor: livemeshelementor • v7.2.1

addons_for_elementor

Vendor: livemeshelementor • v8.3.1

addons_for_elementor

Vendor: livemeshelementor • v6.9.1

addons_for_elementor

Vendor: livemeshelementor • v2.7.4

addons_for_elementor

Vendor: livemeshelementor • v6.5

addons_for_elementor

Vendor: livemeshelementor • v4.5

addons_for_elementor

Vendor: livemeshelementor • v6.7.1

addons_for_elementor

Vendor: livemeshelementor • v7.1.8

addons_for_elementor

Vendor: livemeshelementor • v4.3

addons_for_elementor

Vendor: livemeshelementor • v8.2

addons_for_elementor

Vendor: livemeshelementor • v2.0.1

addons_for_elementor

Vendor: livemeshelementor • v7.1.6

addons_for_elementor

Vendor: livemeshelementor • v5.1

addons_for_elementor

Vendor: livemeshelementor • v6.3

addons_for_elementor

Vendor: livemeshelementor • v6.2

addons_for_elementor

Vendor: livemeshelementor • v7.0

addons_for_elementor

Vendor: livemeshelementor • v2.2

addons_for_elementor

Vendor: livemeshelementor • v2.3.3

addons_for_elementor

Vendor: livemeshelementor • v8.2.2

Timeline

Time Line

PUBLICATION

29 Feb 2024

MODIFICATION

15 Jan 2025

Impact Statistics

Key Metrics

CVSS Score

6.4

MEDIUM

Products

101

Affected

Articles

Published

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗

CVE Vulnerabilities

Posts & Pages

CVE-2024-1235

Attack Parameters

Technical Impact

CWE-CWE-79

Affected Configurations

Time Line

Key Metrics

Recommended Solution

Related News Articles

Veeam Vulnerabilities Expose Backup Servers to RCE Attacks

Multiple Vulnerabilities Identified in Elastic Products

Weekly Cybersecurity Update: MongoDB Attacks, Wallet Breaches, Android Spyware, and More

Mise à jour hebdomadaire de la sécurité numérique : Attaques MongoDB, Fraude sur les porte-monnaies, Logiciels malveillants Android et Plus

Plusieurs Vulnérabilités Identifiées dans les Produits Elastic

Foxit Security Advisory: Multiple Vulnerabilities Identified

Immediate Action Plan

1. Inventory

2. Assessment

3. Mitigation

4. Verification