CVE-2024-10310

Name of the Vulnerable Software and Affected Versions Element Pack Elementor Addons versions up to, and including, 5.10.1

Description The vulnerability is a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping in the Custom Gallery Widget image title parameter. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations For versions up to, and including, 5.10.1, update the plugin to the latest patched version immediately to mitigate risks. As a temporary workaround, consider restricting access to the Custom Gallery Widget until a patch is available. Avoid using the image title parameter in the affected widget until the issue is resolved.