Moose Elementor Kit < 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE 2024-51856 | Plugin Vulnerabilities

Description

The Moose Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

moose-elementor-kit

Fixed in 1.1.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/122a08f7-4e82-494a-b1a9-00ae3d9465ff

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Gab

Verified

No

WPVDB ID

9180fc92-30ba-4e9c-b51f-38f762dfbdd2

Timeline

Publicly Published

2024-11-08 (about 1 year ago)

Added

2024-11-14 (about 1 year ago)

Last Updated

2024-11-20 (about 1 year ago)

Other

Published

Title

Published

2025-12-15

Title

VK Google Job Posting Manager < 1.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2015-08-20

Title

Visitor Maps & Who's Online <= 1.5.8.6 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2016-04-12

Title

Hero Maps Pro <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2025-04-24

Title

1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-05-19

Title

Coupons & Add to Cart by URL Links for WooCommerce < 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting