CVE-2024-1234

Medium

Low Medium High Critical

6.4

CVSS Score

Published: Mar 13, 2024

Last Modified: Apr 08, 2026

CWE: CWE-79

Vulnerability Description

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

N

Attack Complexity

L

Privileges Required

L

User Interaction

N

Scope

C

Confidentiality

L

Integrity

L

Availability

N

References & Resources

Severity Details

6.4

out of 10.0

Medium

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base

View CWE Details on MITRE

Key Information

Published Date: March 13, 2024

External Resources

NIST

National Vulnerability Database

Official CVE record

Related News Articles

Latest news and updates about CVE-2024-1234

Mar 29, 2026

OpenClaw AI Assistant Vulnerability Allows Remote Code Execution

OpenClaw AI Assistant vulnerable to one-click remote code execution attacks, leading to potential data breaches and unauthorized access.

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm - Open VSX Registry, supply chain attack, glassworm malware

Mar 29, 2026

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

A detailed analysis of a supply chain attack targeting the Open VSX Registry, compromising developer accounts to spread malware.

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (January 30, 2026) - Red Hat, Linux kernel, vulnerabilities

Mar 29, 2026

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (January 30, 2026)

Multiple critical vulnerabilities have been identified in the Red Hat Linux kernel, posing significant risks to system security.

Multiple Vulnerabilities Identified in SUSE Linux Kernel (January 30, 2026) - SUSE Linux, kernel vulnerabilities, buffer overflow

Mar 29, 2026

Multiple Vulnerabilities Identified in SUSE Linux Kernel (January 30, 2026)

Multiple critical vulnerabilities have been identified in the SUSE Linux kernel, posing significant risks to system security. Immediate action is…

Microsoft Identifies Root Cause of Windows 11 Boot Failures Linked to Failed December 2025 Update - Windows 11, boot failures, December 2025 update

Mar 29, 2026

Microsoft Identifies Root Cause of Windows 11 Boot Failures Linked to Failed December 2025 Update

Microsoft has identified the root cause of recent Windows 11 boot failures, linking them to a failed attempt at installing…

Microsoft Addresses Encryption Bug in Outlook - Microsoft, Outlook, encryption bug

Mar 29, 2026

Microsoft Addresses Encryption Bug in Outlook

Microsoft has resolved an encryption bug in Outlook that prevented access to encrypted emails after recent updates.

View All Related Articles