CVE-2024-47364 in Move Addons for Elementor Plugin
Summary
by MITRE • 10/06/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor move-addons allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through <= 1.3.4.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/05/2026
The CVE-2024-47364 vulnerability represents a critical cross-site scripting flaw in the Move Addons for Elementor plugin, specifically impacting versions through 1.3.4. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, which is classified as a stored XSS attack vector. The flaw occurs during the web page generation process when user input is improperly sanitized or neutralized before being rendered in the browser. The vulnerability enables attackers to inject malicious scripts that persist in the application's database and execute whenever affected pages are loaded by other users.
The technical implementation of this vulnerability stems from inadequate input validation and output encoding mechanisms within the plugin's codebase. When administrators or users create content using the Move Addons for Elementor functionality, the system fails to properly sanitize user-supplied data before storing it in the WordPress database. This stored data is then retrieved and displayed on web pages without proper HTML escaping or script context sanitization. Attackers can exploit this by crafting malicious payloads in form fields, text areas, or other input mechanisms that are processed by the plugin, thereby establishing a persistent XSS vector.
The operational impact of CVE-2024-47364 extends beyond simple script execution, as it can lead to complete session hijacking, credential theft, and unauthorized administrative access. Attackers can leverage this vulnerability to inject malicious JavaScript that captures user credentials, modifies content, or redirects users to phishing sites. The stored nature of this XSS vulnerability means that once exploited, the malicious scripts remain active until manually removed from the database, potentially affecting all users who view the compromised pages. This makes the vulnerability particularly dangerous in multi-user environments where administrators may be unaware of the malicious code injection.
Mitigation strategies for this vulnerability should prioritize immediate plugin updates to versions that address the XSS flaw, as the vendor has likely released patches. Organizations should implement comprehensive input validation and output encoding measures, including the use of Content Security Policy headers to limit script execution. The ATT&CK framework categorizes this vulnerability under T1059.007 for scripting languages and T1566 for phishing techniques, highlighting the need for layered defensive measures. Security teams should also conduct thorough audits of all plugins and themes, implement web application firewalls, and establish monitoring protocols to detect unauthorized code modifications. Regular security assessments and vulnerability scanning should be conducted to identify similar flaws in other components of the web application stack.