CVE-2024-47383 MEDIUM

CVE-2024-47383: WordPress The Pack Elementor addons plugin 2.0.8.8 - Cross Site Scripting (XSS) vulnerability

Vendor Webangon
Product The Pack Elementor addons
Weakness CWE-79 · XSS
Published October 5, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through <= 2.0.8.8.

Key dates

02Disclosure timeline

October 5, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-50514 WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability CVE-2021-24874 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting CVE-2026-1244 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute CVE-2025-60141 WordPress The Tribal Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability CVE-2024-12506 NACC WordPress Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting