cleantalk
Vulnerabilities and Security Researches

Gum Elementor Addon, CVE-2024-2348

CVE, Research URL

CVE-2024-2348

Home page URL

Security reports for Gum Elementor Addon

Application

Gum Elementor Addon

Published on
Apr 10, 2024
Research Description
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.3.3.
Status
vulnerable
Previous vulnerability researches
Gum Elementor Addon (CVE-2025-30800) , Apr 01, 2025
Gum Elementor Addon (CVE-2024-44027) , Sep 28, 2024
Gum Elementor Addon (CVE-2024-44035) , Sep 28, 2024
Gum Elementor Addon (CVE-2024-4668) , Jun 07, 2024
Gum Elementor Addon (CVE-2024-2348) , Jun 07, 2024
New vulnerability
Contact Form vCard Generator (CVE-2025-31582) , Apr 04, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025
AI Search Bar (CVE-2025-31563) , Apr 04, 2025
Ship Per Product (CVE-2025-31773) , Apr 04, 2025
ContentBot AI Writer (ChatGPT, GPT3, GPT4) (CVE-2025-31818) , Apr 04, 2025