Skip to main content

Addons For Elementor CVE-2022-3862

MEDIUM
2022-12-12 contact@wpscan.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 12, 2022 - 18:15 nvd
MEDIUM 4.8

DescriptionNVD

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

AnalysisAI

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Affected products include: Livemeshelementor Addons For Elementor. Version information: before 7.2.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-24260 MEDIUM POC
5.4 May 05

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-

CVE-2024-2385 HIGH
8.8 Jul 04

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and i

CVE-2024-25598 MEDIUM
6.5 Mar 15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh

CVE-2024-27986 MEDIUM
6.5 Mar 14

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor

CVE-2024-2926 MEDIUM
6.4 Jul 04

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widg

CVE-2024-2655 MEDIUM
6.4 Apr 10

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post

CVE-2024-8858 MEDIUM
6.4 Sep 25

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_set

CVE-2024-1235 MEDIUM
6.4 Feb 29

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class

CVE-2024-3638 MEDIUM
6.4 Jul 04

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marq

CVE-2024-1466 MEDIUM
6.4 Apr 09

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style

CVE-2024-1465 MEDIUM
6.4 Apr 09

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_ski

CVE-2024-1464 MEDIUM
6.4 Apr 09

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attri

Share

CVE-2022-3862 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy