CVE-2024-1235 in Elementor Addons Plugin
Summary
by MITRE • 02/29/2024
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/20/2025
The vulnerability identified as CVE-2024-1235 affects the Elementor Addons by Livemesh plugin for WordPress, representing a critical stored cross-site scripting flaw that has been present in all versions up to and including 8.3.2. This security weakness stems from inadequate input sanitization and output escaping mechanisms within the plugin's custom class field implementation. The vulnerability specifically targets authenticated attackers who possess contributor-level access or higher privileges within WordPress installations, making it particularly concerning for sites with multiple users or collaborative environments where less privileged accounts might be compromised.
The technical exploitation of this vulnerability occurs through the manipulation of the custom class field functionality within the plugin's administrative interface. When an authenticated attacker with sufficient privileges enters malicious script code into this field, the input is not properly sanitized or escaped before being stored in the database. Subsequently, when any user accesses a page that contains this injected content, the malicious script executes in the victim's browser context. This stored XSS vulnerability creates a persistent threat where the malicious code remains embedded in the website's content and executes automatically whenever affected pages are loaded, potentially affecting all users who access those pages regardless of their privilege levels.
The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to perform a wide range of malicious activities including credential theft, session hijacking, defacement of website content, and redirection to malicious sites. The vulnerability's accessibility to contributors and higher privilege levels means that even less privileged users within a WordPress environment could potentially compromise the entire site's security. This makes the vulnerability particularly dangerous in collaborative environments where multiple users have varying degrees of access to the content management system. The stored nature of the vulnerability means that the malicious payload persists even after the initial injection, creating a long-term threat that can affect users for extended periods until the vulnerability is patched and the malicious code is removed from the database.
Organizations affected by this vulnerability should immediately implement mitigations including updating to the latest version of the Elementor Addons by Livemesh plugin where the XSS vulnerability has been addressed. System administrators should also consider implementing additional security measures such as input validation at multiple layers, output escaping for all user-provided content, and regular security audits of WordPress plugins and themes. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and maps to ATT&CK technique T1566.001 for initial access through malicious content. Administrators should also consider implementing web application firewalls to help detect and prevent exploitation attempts while awaiting patch deployment, and conduct thorough testing of all security updates before deployment to ensure system stability and prevent potential service disruptions.
The remediation process should include not only patching the vulnerable plugin but also reviewing all existing content for potential malicious injection and implementing comprehensive monitoring of user activities within the WordPress administrative interface. Security teams should establish procedures for regularly auditing plugin versions and ensuring that all third-party components are kept up to date with the latest security patches. This vulnerability underscores the importance of maintaining strict input validation and output escaping practices in web applications, particularly in content management systems where user-generated content is frequently processed and displayed. Regular security assessments and vulnerability scanning should be implemented to identify similar issues in other plugins or themes that may present similar security risks to the WordPress ecosystem.