CVE-2024-13113

{"id": "CVE-2024-13113", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}]}, "published": "2025-02-26T13:15:36.710", "references": [{"url": "https://wpscan.com/vulnerability/ffc31d9d-d245-4c4b-992d-394a01798117/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks."}, {"lang": "es", "value": "El complemento Countdown Timer for Elementor de WordPress anterior a la versi\u00f3n 1.3.7 no depura ni escapa algunos par\u00e1metros al mostrarlos en la p\u00e1gina, lo que podr\u00eda permitir que los usuarios con un rol tan bajo como colaborador realicen ataques de cross site scripting."}], "lastModified": "2025-05-15T20:52:38.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flickdevs:countdown_timer_for_elementor:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C89CEDD4-3A46-4FF2-A0C3-D39FBC1DD4A7", "versionEndExcluding": "1.3.7"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}