CVE-2024-2491 Information

Description

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _html_tag attribute of multiple widgets in all versions up to and including 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/22c4b981-6135-4c44-aa68-f0d51704a68c?source=cve https://plugins.trac.wordpress.org/changeset/3053463/powerpack-lite-for-elementor