CVE-2024-9657

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Nov 5, 2024 / Updated: 14d ago

010
CVSS 5.4EPSS 0.09%Medium
CVE info copied to clipboard

Summary

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tooltip' parameter in all versions up to, and including, 5.10.2. This vulnerability is due to insufficient input sanitization and output escaping. It affects authenticated attackers with Contributor-level access and above, allowing them to inject arbitrary web scripts in pages.

Impact

This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into web pages. When users access these injected pages, the scripts will execute in their browsers. This can lead to various impacts such as: 1. Theft of sensitive information, including session cookies and other user data 2. Manipulation of page content, potentially misleading users or damaging the site's reputation 3. Performing unauthorized actions on behalf of the victim user 4. Redirecting users to malicious websites The vulnerability has a CVSS v3.1 base score of 5.4, indicating a medium severity level. The attack complexity is low, but it requires user interaction and some level of privileges.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. The vulnerability has been addressed in versions after 5.10.2 of the Element Pack Elementor Addons plugin for WordPress. The patch was added on 2024-11-08, as indicated by the patchAddedDate in the vulnerability data.

Mitigation

To mitigate this vulnerability, the following steps are recommended: 1. Update the Element Pack Elementor Addons plugin to a version newer than 5.10.2 as soon as possible. 2. If immediate updating is not possible, consider temporarily disabling the plugin or restricting access to it. 3. Implement strong user access controls to limit the number of users with Contributor-level access or higher. 4. Regularly audit and review user permissions to ensure they align with the principle of least privilege. 5. Implement Web Application Firewall (WAF) rules to detect and block XSS attempts. 6. Educate content contributors about the risks of XSS and proper input handling practices. 7. Regularly scan and monitor WordPress installations for any signs of compromise or unexpected behavior.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9657

Nov 5, 2024 at 12:15 PM
CVSS

A CVSS base score of 6.5 has been assigned.

Nov 5, 2024 at 12:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-9657. See article

Nov 5, 2024 at 12:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 5, 2024 at 12:24 PM
EPSS

EPSS Score was set to: 0.09% (Percentile: 37.5%)

Nov 6, 2024 at 10:26 AM
CVSS

A CVSS base score of 5.4 has been assigned.

Nov 8, 2024 at 4:06 PM / nvd
Static CVE Timeline Graph

Affected Systems

Bdthemes/element_pack
+null more

Patches

plugins.trac.wordpress.org
+null more

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch
+null more

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)
WordPress Plugins with Reported Vulnerabilities Last Week Use constructor to create tables profit-products-tables-for-woocommerce Add Ribbon Shortcode add-ribbon Admin Amplify wpr-admin-amplify Advanced Video Player with Analytics advanced-video-player-with-analytics Adventure Bucket List adventure-bucket-list AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress agendapress Ajax Content Filter ajax-content-filter Alert Me!
Medium - CVE-2024-9657 - The Element Pack Elementor Addons (Header...
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip'...
CVE-2024-9657
Gravedad 3.1 (CVSS 3.1 Base Score) Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected...
CVE-2024-9657 | bdthemes Element Pack Elementor Addons Plugin up to 5.10.2 on WordPress tooltip cross site scripting
A vulnerability was found in bdthemes Element Pack Elementor Addons Plugin up to 5.10.2 on WordPress. It has been classified as problematic . This affects an unknown part. The manipulation of the argument tooltip leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9657 . It is possible to initiate the attack remotely. There is no exploit available.
See 6 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:Required
Scope:Changed
Confidentiality:Low
Integrity:Low
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI