Severity
Medium
Analysis Summary
CVE-2024-49248 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS. This issue affects Ad Inserter: from n/a through 2.7.37.
CVE-2024-49255 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Daniele Alessandra Da Reactions allows Stored XSS. This issue affects Da Reactions: from n/a through 5.1.5.
CVE-2024-49259 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.8.
CVE-2024-49261 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through 2.23.0.
CVE-2024-49262 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS. This issue affects Country Flags for Elementor: from n/a through 1.0.1.
CVE-2024-49263 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS. This issue affects My Favorites: from n/a through 1.4.1.
CVE-2024-49264 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS. This issue affects Events Addon for Elementor: from n/a through 2.2.0.
CVE-2024-49276 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS. This issue affects Clio Grow: from n/a through 1.0.2.
CVE-2024-49277 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.
CVE-2024-49278 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS. This issue affects Omnipress: from n/a through 1.4.3.
Impact
- Cross Site Scripting
Indicators of Compromise
CVE
- CVE-2024-49248
- CVE-2024-49255
- CVE-2024-49259
- CVE-2024-49261
- CVE-2024-49262
- CVE-2024-49263
- CVE-2024-49264
- CVE-2024-49276
- CVE-2024-49277
- CVE-2024-49278
Affected Vendors
Affected Products
- Igor Funa Ad Inserter - n/a
- Daniele Alessandra Da Reactions - n/a
- wepic Country Flags for Elementor - n/a
- Takashi Matsuyama My Favorites - n/a
- NicheAddons Events Addon for Elementor - n/a
- CodeAstrology Team UltraAddons Elementor Lite - n/a
- NicheAddons Primary Addon for Elementor - n/a
Remediation
Upgrade the affected plugins to the latest version for WordPress, available from the WordPress Plugin Directory.