Skip to main content

CVE-2024-0824: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in timstrifler Exclusive Addons for Elementor

Medium
VulnerabilityCVE-2024-0824cvecve-2024-0824cwe-79
Published: Sat Jan 27 2024 (01/27/2024, 04:31:30 UTC)
Source: CVE Database V5
Vendor/Project: timstrifler
Product: Exclusive Addons for Elementor

Description

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI-Powered Analysis

AILast updated: 07/07/2025, 23:40:37 UTC

Technical Analysis

CVE-2024-0824 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Exclusive Addons for Elementor WordPress plugin, developed by timstrifler. This vulnerability exists in all versions up to and including 2.6.8 and arises from improper input sanitization and output escaping in the 'Link Anything' functionality. Specifically, authenticated users with contributor-level privileges or higher can inject arbitrary malicious scripts into pages. These scripts are stored persistently and executed in the browsers of any users who visit the compromised pages. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.4, indicating a medium severity level. The attack vector is network-based (remote), requires low attack complexity, and privileges at the contributor level, but does not require user interaction. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity, allowing attackers to potentially steal session tokens, perform actions on behalf of users, or manipulate displayed content. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability leverages the common WordPress plugin ecosystem, which is widely used for website customization and content management. Stored XSS is particularly dangerous because the malicious payload persists on the server and affects all users accessing the infected content, increasing the attack surface and potential damage.

Potential Impact

For European organizations, this vulnerability poses significant risks, especially for those relying on WordPress websites with the Exclusive Addons for Elementor plugin installed. The ability for contributors to inject persistent scripts can lead to session hijacking, defacement, unauthorized actions, or phishing attacks targeting site visitors and administrators. Confidential information such as user credentials, personal data, or business-sensitive information could be exposed or manipulated. The integrity of the website content can be compromised, damaging brand reputation and trust. Since many European organizations use WordPress for public-facing websites, e-commerce, and intranets, exploitation could disrupt business operations and lead to regulatory non-compliance under GDPR if personal data is compromised. The medium severity score reflects that while exploitation requires authenticated access, the low complexity and lack of user interaction needed make it a credible threat vector. Additionally, the scope change indicates that the vulnerability could affect multiple components or users beyond the initial contributor, amplifying potential impact.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify if the Exclusive Addons for Elementor plugin is installed and determine the version in use. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict contributor-level access strictly to trusted users and review user roles and permissions to minimize exposure. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns related to the 'Link Anything' functionality. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4) Monitor logs and website content for unexpected script injections or modifications. 5) Consider temporarily disabling or removing the vulnerable plugin if feasible, especially on high-risk or critical sites. 6) Educate site administrators and contributors about the risk of injecting untrusted content. 7) Prepare for rapid deployment of patches once available by subscribing to vendor or security mailing lists. These targeted actions go beyond generic advice by focusing on access control, detection, and containment specific to this vulnerability's exploitation vector.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2024-01-23T14:22:51.583Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68387d4f182aa0cae28316c9

Added to database: 5/29/2025, 3:29:19 PM

Last enriched: 7/7/2025, 11:40:37 PM

Last updated: 7/31/2025, 9:22:19 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats