CVE-2024-2619

MEDIUM

Elementor Header & Footer Builder - Code Injection

Title source: llm

Description

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary HTML in pages that will be shown whenever a user accesses an injected page.

Scores

CVSS v3 5.0
EPSS 0.0038
EPSS Percentile 29.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-862
Status published
Products (2)
brainstormforce/elementor_header_&_footer_builder < 1.6.27
brainstormforce/Ultimate Addons for Elementor < 1.6.26
Published May 16, 2024
Tracked Since Feb 18, 2026