Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vtah-dxa9-k7g7

Summary The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Aliases

alias	CVE-2024-1422

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1422

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38269
published_at	2026-06-11T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38455
published_at	2026-06-14T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38466
published_at	2026-06-13T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38443
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1422

reference_url

https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve

reference_id

4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T17:59:21Z/

url

https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve

reference_url

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26

reference_id

changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T17:59:21Z/

url

reference_url

https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048

reference_id

modal-popup.php#L1048

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T17:59:21Z/

url

https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048

reference_url

https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062

reference_id

modal-popup.php#L1062

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T17:59:21Z/

url

https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Exploits

Severity_range_score 6.4 - 6.4

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtah-dxa9-k7g7

Vulnerability Instance