CVE-2024-8921

Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Zita Site Library is an add-on plugin for the Zita WordPress theme. This plugin contains 21+ ready-to-use sites for nearly all niches (such as corporate, store, agency, blog, portfolio, restaurant, wedding, construction, hospital, school, interior, car workshop, life coach, wine shop, barber shop, furniture shop, yoga, resume, charity, digital marketing, etc.). You can import these sites with a single click. Please check the documentation for more info: https://wpzita.com/docs/how-to-install-zita-site-library-plugin/
WordPress Plugin Directory
99.1K