Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-24258

UNKNOWN
Published 2021-05-05T18:28:46
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-24258. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Wpmet

Elements Kit Lite

Affected Versions:

2.2.0
Wpmet

Elements Kit Pro

Affected Versions:

2.2.0

WordPress Vulnerability

Identified and analyzed by Wordfence

Software Type

Plugin

Patch Status

Patched

Published

April 13, 2021

Software Details

Software Name

ElementsKit Elementor addons

Software Slug

elementskit-lite

Affected Versions

* - 2.1.7

Patched Versions

2.2.0

Remediation

Update to version 2.2.0, or a newer patched version

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/75d5366e-2908-4b8d-9ee2-1f11e483add1?source=api-prod

© Defiant Inc. Data provided by Wordfence.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-487m-63p5-88hq

Advisory Details

The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-24258
WEB https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f
WEB https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/
https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f
Published: 2021-05-05T18:28:46
Last Modified: 2024-08-03T19:28:22.245Z
Copied to clipboard!