CVE-2024-1236
Published: 2024-02-29
CVE-2024-1236: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site…
Priority: P4 (30)
Severity: medium, 6.4 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.47% (37.1st percentile)
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiaiops | — | — |
| fortinet | fortinet | — | — |
| fortinet | fortisoar | — | — |
| wpdeveloper | essential_addons_for_elementor | < 5.9.9 | 5.9.9 |
| wpdevteam | essential_addons_for_elementor_popular_elementor_templates_widgets | <= 5.9.8 | — |
GHSA · 2025-03-03 · CVE-2024-55532 [LOW] CWE-1236: Apache Ranger Improper Neutralization of Formula Elements vulnerability
Improper Neutralization of Formula Elements in the Export CSV feature of Apache Ranger, in versions before 2.6.0.
Users are recommended to upgrade to version 2.6.0, which fixes this issue.
GHSA · 2024-09-12 · CVE-2024-27320 [HIGH] CWE-1236: Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.
GHSA · 2024-09-12 · CVE-2024-27321 [HIGH] CWE-1236: Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it.
GHSA (unreviewed) · 2024-02-29 · CVE-2024-1236 [MEDIUM] CWE-79 · GHSA-xr6g-q8cc-8f25: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The advisory text is identical to the CVE description given above.
Fortinet (vendor advisory) · 2025-01-14 · CVSS 9.0 · CVE-2024-47572 [CRITICAL] CWE-1236 · FG-IR-24-210
An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands via a manipulated CSV file.
CVEs: CVE-2024-47572 · CWEs: CWE-1236 · CVSS: 9.0 (critical) · Affected products: FortiSOAR, Fortinet
Fortinet (vendor advisory) · 2024-07-09 · CVSS 5.4 · CVE-2024-27785 [MEDIUM] CWE-1236 · FG-IR-24-073
An improper neutralization of formula elements in a CSV File [CWE-1236] vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
CVEs: CVE-2024-27785 · CWEs: CWE-1236 · CVSS: 5.4 (medium) · Affected products: FortiAIOps, FortiAiops, Fortinet
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3259
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3261
- https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve