The Plus Addons for Elementor < 5.3.4 – Contributor+ Stored XSS | CVE 2024-23511

Affects Plugins

the-plus-addons-for-elementor-page-builder

Fixed in 5.3.4

References

CVE

CVE-2024-23511

URL

https://patchstack.com/database/vulnerability/the-plus-addons-for-elementor-page-builder/wordpress-the-plus-addons-for-elementor-plugin-5-3-3-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.9 (medium)

Miscellaneous

Original Researcher

Abu Hurayra (HurayraIIT)

Verified

No

WPVDB ID

50c3749d-c463-49dc-8dfc-b6c1a0e6d26d

Timeline

Publicly Published

2024-01-30 (about 2 years ago)

Added

2024-02-02 (about 2 years ago)

Last Updated

2024-02-02 (about 2 years ago)

Other

Published

Title

Published

2024-06-28

Title

WP Photo Album Plus < 8.8.00.003 - Reflected Cross-Site Scripting

Published

2023-10-27

Title

Bonus for Woo < 5.8.3 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Optinfirex - lp/index.php id Parameter Reflected XSS

Published

2025-03-03

Title

Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS

Published

2025-04-01

Title

BlockWheels <= 1.0.2 - Contributor+ Stored XSS