CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor make-column-clickable-elementor allows Stored XSS.This issue affects Make Column Clickable Elementor: from n/a through <= 1.6.0.
Explanation of Vulnerability in Simple Terms
The Make Column Clickable Elementor plugin through version 1.6.0 contains a stored cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts into column settings. When other users view the affected page, the scripts execute in their browsers, potentially compromising their sessions or stealing data. The vulnerability requires user interaction to trigger.
What an attacker can do
Inject malicious scripts that execute when other users view the page, potentially stealing session data or performing actions on their behalf.
Potential impact on your site
Visitors to pages using this plugin may have their sessions compromised or be redirected to malicious sites without their knowledge.
Conditions required to exploit
Attacker must be logged in with low-level privileges and the victim must visit the page containing the malicious column.
Key dates
External resources
Related vulnerabilities
