CVE-2024-0448 in Elementor Addons Plugin
Summary
by MITRE • 02/06/2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/11/2026
The vulnerability identified as CVE-2024-0448 affects the Elementor Addons by Livemesh plugin for WordPress, representing a critical security flaw that enables stored cross-site scripting attacks. This issue exists in all versions up to and including 8.3.1, making it a widespread concern for WordPress administrators and security professionals. The vulnerability specifically targets the plugin's widget URL parameters, which are processed without adequate input sanitization or output escaping mechanisms. Attackers can exploit this weakness to inject malicious scripts that persist in the application's database and execute whenever affected pages are accessed by unsuspecting users.
The technical flaw stems from insufficient validation of user-supplied input within the plugin's widget functionality. When administrators or contributors create or modify widgets through the WordPress admin interface, the plugin fails to properly sanitize URL parameters that are later stored and executed. This represents a classic stored XSS vulnerability where malicious code is injected into the application's persistent storage rather than being reflected in a single request. The vulnerability is particularly concerning because it requires only contributor-level access, which is often granted to trusted users who may not be fully security-aware. This low privilege requirement significantly expands the potential attack surface and makes the vulnerability more dangerous in real-world scenarios.
The operational impact of this vulnerability extends beyond simple script execution, as it can enable sophisticated attack vectors including session hijacking, credential theft, and data exfiltration. When authenticated users access pages containing the injected scripts, the malicious code executes in their browser context, potentially allowing attackers to steal cookies, session tokens, or other sensitive information. The stored nature of the vulnerability means that once exploited, the malicious scripts remain active until manually removed from the database, providing attackers with persistent access to compromised sites. This vulnerability directly maps to CWE-79, which describes cross-site scripting flaws due to insufficient input sanitization, and aligns with ATT&CK technique T1059.008 for command and scripting interpreter, as attackers can leverage the stored scripts to execute arbitrary commands or establish further footholds within the compromised environment.
Mitigation strategies should focus on immediate plugin updates to versions that address the sanitization and escaping issues, along with comprehensive security auditing of existing content. Administrators should implement strict input validation for all user-generated content and consider implementing content security policies to limit script execution capabilities. Regular security monitoring and user access reviews are essential to detect unauthorized modifications, while the principle of least privilege should be enforced to minimize potential damage from compromised accounts. Additionally, implementing web application firewalls and regular vulnerability scanning can provide additional layers of protection against exploitation attempts. The vulnerability highlights the critical importance of proper input sanitization and output escaping in web applications, particularly those handling user-generated content through admin interfaces.