Element Pack Elementor Addons < 5.10.3 – Contributor+ Stored XSS | CVE 2024-10493 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

As a contributor Create/edit a post with Elementor.

Add a "Lightbox" block and put the following payload in the Lightbox Content > Content Caption settings of the block: &lt;img src=x onerror=alert(1)&gt;123

Submit/save the post. The XSS will be triggered when (pre)viewing the post and clicking on the image generated by the block in the post

Affects Plugins

bdthemes-element-pack-lite

Fixed in 5.10.3

References

CVE

URL

https://research.cleantalk.org/cve-2024-10493/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

2e7f7196-054b-4cfd-9219-c60bb8275e8d

Timeline

Publicly Published

2024-11-07 (about 1 year ago)

Added

2024-11-07 (about 1 year ago)

Last Updated

2024-11-07 (about 1 year ago)

Other

Published

Title

Published

2020-03-24

Title

Data Tables Generator By Supsystic < 1.9.92 - Authenticated Stored XSS

Published

2024-10-21

Title

Code Generate <= 1.0 - Reflected Cross-Site Scripting

Published

2022-12-09

Title

Team Members < 5.2.1 - Editor+ Stored XSS

Published

2025-01-14

Title

Post Carousel & Slider <= 1.0.4 - Reflected Cross-Site Scripting

Published

2021-07-21

Title

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting