CVE-2024-2618
Published: 2024-05-24
Priority: P4
CVSS 3.1: 5.4 (Medium), vector AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.32% (23.9th percentile)
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
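The sink class described above (a widget setting written into an HTML attribute without escaping) is easiest to see side by side with its fix. The script below is an added illustration, not code from the plugin or from this page: it assumes a title widget that emits `$settings['size']` as part of a CSS class, the function and option names are hypothetical, and `esc_attr_shim()` stands in for WordPress's `esc_attr()` so the script runs outside WordPress. The payload is constructed for the demonstration.

```php
<?php
// Added illustration (not the plugin's code): an unescaped widget setting
// inside an HTML attribute becomes stored XSS, and two ways to fix it.
// Assumption: a title widget renders $settings['size'] into a CSS class.
// Function names, class names and size options are hypothetical.

declare(strict_types=1);

// Stand-in for WordPress esc_attr()/esc_html() so this runs outside WordPress.
// Both HTML-encode &, <, >, " and ', which is what attribute context needs.
function esc_attr_shim(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function esc_html_shim(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the stored setting is concatenated straight into the
// class attribute. A value containing a double quote closes the attribute
// and the rest of the payload becomes new attributes (or tags).
function render_title_vulnerable(array $settings, string $title): string
{
    return '<h1 class="hfe-page-title hfe-size--' . $settings['size'] . '">'
        . esc_html_shim($title) . '</h1>';
}

// Fix 1, output escaping: the quote is encoded as &quot;, so the browser
// keeps the whole payload inside the class value and no handler is created.
function render_title_escaped(array $settings, string $title): string
{
    return '<h1 class="hfe-page-title hfe-size--' . esc_attr_shim($settings['size']) . '">'
        . esc_html_shim($title) . '</h1>';
}

// Fix 2, input validation (defence in depth): the control is a fixed dropdown,
// so anything outside the allowlist is replaced by the default. Do this on
// save as well as on render; escaping on output still stays in place.
const ALLOWED_SIZES = ['default', 'small', 'medium', 'large', 'xl', 'xxl']; // hypothetical option list

function sanitize_size(string $size): string
{
    return in_array($size, ALLOWED_SIZES, true) ? $size : 'default';
}

function render_title_allowlisted(array $settings, string $title): string
{
    $size = sanitize_size((string) ($settings['size'] ?? 'default'));
    return '<h1 class="hfe-page-title hfe-size--' . esc_attr_shim($size) . '">'
        . esc_html_shim($title) . '</h1>';
}

// Constructed payload: what a contributor-level user could store in the
// widget's size setting. The trailing data-x=" swallows the original
// closing quote so the markup stays well formed.
$payload  = 'default" onmouseover="alert(document.domain)" data-x="';
$settings = ['size' => $payload];

echo "vulnerable: ", render_title_vulnerable($settings, 'Hello'), PHP_EOL;
echo "escaped:    ", render_title_escaped($settings, 'Hello'), PHP_EOL;
echo "allowlist:  ", render_title_allowlisted($settings, 'Hello'), PHP_EOL;
```

Run it with `php` on the command line and compare the three lines: only the first one contains a live `onmouseover` attribute. When auditing a plugin for this bug class, grep widget `render()` methods for `$settings[...]` concatenated into HTML and check that every attribute-context use goes through `esc_attr()` and every text-context use through `esc_html()`; an allowlist on the control value is the extra check that keeps a future refactor from reopening the sink.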
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| brainstormforce | elementor_header_footer_builder | < 1.6.27 | 1.6.27 |
| brainstormforce | ultimate_addons_for_elementor | <= 1.6.26 | — |
CVSS provenance
NVD (CVSS v3.1): 5.4 MEDIUM, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
The 7.5 MEDIUM score the aggregator attributes to vendor_oracle belongs to CVE-2023-2618 (an OpenCV issue in Oracle's Critical Patch Updates), not to this CVE; no vendor score other than NVD's applies here.
Cross-matched entries for a different CVE
The two Oracle risk-matrix items listed below concern CVE-2023-2618 (an OpenCV issue bundled in Oracle's Critical Patch Updates), not CVE-2024-2618; the aggregator matched them on the numeric suffix. They are summarised here so the mismatch is visible:
- Oracle Financial Services Applications, component Accessibility (OpenCV): CVE-2023-2618, CVSS 7.5 (MEDIUM), protocol HTTP, remotely exploitable: yes, attack vector Network, advisory cpuapr2024 (April 2024 CPU), listed 2024-04-15.
- Oracle Enterprise Manager, component Load Testing for Web Apps (OpenCV): CVE-2023-2618, CVSS 7.5 (MEDIUM), protocol TCP, remotely exploitable: yes, attack vector Network, advisory cpujan2024 (January 2024 CPU), listed 2024-01-15.
Suricata rule (unrelated, matched on Bugtraq ID 2618)
The GPL rule below (sid 2101992, created 2010-09-23) detects an FTP `LIST` command carrying `..` path traversal and references CVE-2002-1054 and CVE-2001-0680 plus Bugtraq 2618. It has no bearing on this WordPress stored XSS and is kept only because the aggregator surfaced it:

```
alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP LIST directory traversal attempt"; flow:established,to_server; content:"LIST"; nocase; content:".."; distance:1; content:".."; distance:1; reference:cve,2002-1054; reference:bugtraq,2618; reference:nessus,11112; reference:cve,2001-0680; classtype:protocol-command-decode; sid:2101992; rev:12; metadata:created_at 2010_09_23, cve CVE_2001_0680, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
```
No public exploits indexed.
References
- https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.26/inc/widgets-manager/widgets/class-page-title.php#L494
- https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.26/inc/widgets-manager/widgets/class-site-title.php#L478
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a780ce1b-0758-42ef-88e7-ff8d921eca6e?source=cve