CVE-2024-0824: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in timstrifler Exclusive Addons for Elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2024-0824 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Exclusive Addons for Elementor WordPress plugin, developed by timstrifler. This vulnerability exists in all versions up to and including 2.6.8 and arises from improper input sanitization and output escaping in the 'Link Anything' functionality. Specifically, authenticated users with contributor-level privileges or higher can inject arbitrary malicious scripts into pages. These scripts are stored persistently and executed in the browsers of any users who visit the compromised pages. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.4, indicating a medium severity level. The attack vector is network-based (remote), requires low attack complexity, and privileges at the contributor level, but does not require user interaction. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity, allowing attackers to potentially steal session tokens, perform actions on behalf of users, or manipulate displayed content. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability leverages the common WordPress plugin ecosystem, which is widely used for website customization and content management. Stored XSS is particularly dangerous because the malicious payload persists on the server and affects all users accessing the infected content, increasing the attack surface and potential damage.
Potential Impact
For European organizations, this vulnerability poses significant risks, especially for those relying on WordPress websites with the Exclusive Addons for Elementor plugin installed. The ability for contributors to inject persistent scripts can lead to session hijacking, defacement, unauthorized actions, or phishing attacks targeting site visitors and administrators. Confidential information such as user credentials, personal data, or business-sensitive information could be exposed or manipulated. The integrity of the website content can be compromised, damaging brand reputation and trust. Since many European organizations use WordPress for public-facing websites, e-commerce, and intranets, exploitation could disrupt business operations and lead to regulatory non-compliance under GDPR if personal data is compromised. The medium severity score reflects that while exploitation requires authenticated access, the low complexity and lack of user interaction needed make it a credible threat vector. Additionally, the scope change indicates that the vulnerability could affect multiple components or users beyond the initial contributor, amplifying potential impact.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify if the Exclusive Addons for Elementor plugin is installed and determine the version in use. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict contributor-level access strictly to trusted users and review user roles and permissions to minimize exposure. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'Link Anything' functionality. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Monitor logs and website content for unexpected script injections or modifications. 5) Consider temporarily disabling or removing the vulnerable plugin if feasible, especially on high-risk or critical sites. 6) Educate site administrators and contributors about the risk of injecting untrusted content. 7) Prepare for rapid deployment of patches once available by subscribing to vendor or security mailing lists. These targeted actions go beyond generic advice by focusing on access control, detection, and containment specific to this vulnerability's exploitation vector.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
CVE-2024-0824: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in timstrifler Exclusive Addons for Elementor
Description
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2024-0824 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Exclusive Addons for Elementor WordPress plugin, developed by timstrifler. This vulnerability exists in all versions up to and including 2.6.8 and arises from improper input sanitization and output escaping in the 'Link Anything' functionality. Specifically, authenticated users with contributor-level privileges or higher can inject arbitrary malicious scripts into pages. These scripts are stored persistently and executed in the browsers of any users who visit the compromised pages. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.4, indicating a medium severity level. The attack vector is network-based (remote), requires low attack complexity, and privileges at the contributor level, but does not require user interaction. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity, allowing attackers to potentially steal session tokens, perform actions on behalf of users, or manipulate displayed content. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability leverages the common WordPress plugin ecosystem, which is widely used for website customization and content management. Stored XSS is particularly dangerous because the malicious payload persists on the server and affects all users accessing the infected content, increasing the attack surface and potential damage.
Potential Impact
For European organizations, this vulnerability poses significant risks, especially for those relying on WordPress websites with the Exclusive Addons for Elementor plugin installed. The ability for contributors to inject persistent scripts can lead to session hijacking, defacement, unauthorized actions, or phishing attacks targeting site visitors and administrators. Confidential information such as user credentials, personal data, or business-sensitive information could be exposed or manipulated. The integrity of the website content can be compromised, damaging brand reputation and trust. Since many European organizations use WordPress for public-facing websites, e-commerce, and intranets, exploitation could disrupt business operations and lead to regulatory non-compliance under GDPR if personal data is compromised. The medium severity score reflects that while exploitation requires authenticated access, the low complexity and lack of user interaction needed make it a credible threat vector. Additionally, the scope change indicates that the vulnerability could affect multiple components or users beyond the initial contributor, amplifying potential impact.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify if the Exclusive Addons for Elementor plugin is installed and determine the version in use. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict contributor-level access strictly to trusted users and review user roles and permissions to minimize exposure. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'Link Anything' functionality. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Monitor logs and website content for unexpected script injections or modifications. 5) Consider temporarily disabling or removing the vulnerable plugin if feasible, especially on high-risk or critical sites. 6) Educate site administrators and contributors about the risk of injecting untrusted content. 7) Prepare for rapid deployment of patches once available by subscribing to vendor or security mailing lists. These targeted actions go beyond generic advice by focusing on access control, detection, and containment specific to this vulnerability's exploitation vector.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-01-23T14:22:51.583Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68387d4f182aa0cae28316c9
Added to database: 5/29/2025, 3:29:19 PM
Last enriched: 7/7/2025, 11:40:37 PM
Last updated: 7/31/2025, 9:22:19 AM
Views: 10
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.