从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 插件名称:Element Pack Elementor Addons Content Caption”设置中插入特定的payload,可以触发XSS攻击。 4. 受影响的插件:bdthemes-element-pack-lite,已修复在5.10.3版本中。 5. 参考信息: - CVE编号:CVE-2024-10493 - URL:https://research.cleantalk.org/cve-2024-10493/ 6. 分类: - 类型:XSS - OWASP Top 10:A7: Cross-Site Scripting (XSS) - CWE:CWE-79 - CVSS评分:5.9(中等) 7. 其他信息: - 原始研究者:Dmitrii Ignatyev - 提交者:Dmitrii Ignatyev - 提交者网站:https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/ - 验证:是 - WPVDB ID:2e7f7196-054b-4cfd-9219-c60bb8275e8d - 发布时间:2024-11-07 - 添加时间:2024-11-07 - 最后更新时间:2024-11-07 - 其他相关漏洞:EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS,Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting,Pixel Cat Lite < 2.6.4 - Reflected Cross-Site Scripting,Social Share Buttons & Analytics Plugin < 4.4 - Admin+ Stored XSS,Livemesh Addons for WPBakery Page Builder < 3.6 - Contributor+ Stored XSS