### [CVE-2024-1234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1234)
![](https://img.shields.io/static/v1?label=Product&message=Exclusive%20Addons%20for%20Elementor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)

### Description

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

### POC

#### Reference

No PoCs from references.

#### Github

- https://github.com/0x41424142/qualyspy
- https://github.com/0xC1pher/code-agente
- https://github.com/AcidicSoil/OSPAiN2
- https://github.com/AndiisWorld/InfoSecTrackerBot
- https://github.com/ArtPreis/CVEMonitor
- https://github.com/Arun152k/vulnerability-scanner-api
- https://github.com/Bot-Maintains/CodXCD-DevOps-Copilot
- https://github.com/BuildAndDestroy/ai-cve-mcp-server
- https://github.com/BuildAndDestroy/ai-cve-vector-data
- https://github.com/ByteHackr/fedora-cve-dashboard
- https://github.com/Chinzzii/vulnscan
- https://github.com/CraigDonkin/Microsoft-CVE-Lookup
- https://github.com/Cyber-Agents-Fleet/CVE-MCP-Server
- https://github.com/CyberSecAI/cve_dedup
- https://github.com/Dleifnesor/Nexus
- https://github.com/EDJIM143341/Project---Ethical-Hacking-Report
- https://github.com/FerdiGul/euvdmapper
- https://github.com/Hanimn/Workshop-Labs
- https://github.com/JamesH86/NexusPhantom
- https://github.com/JigyasuRajput/vex-updater
- https://github.com/JpaulCRN/complyr
- https://github.com/Kevin-Li-2025/mamg
- https://github.com/KyJr3os/Ethical-Hacking-Technical-Report
- https://github.com/Monica-Sai/kaicyber
- https://github.com/Mr-rakeshnaik/ShodanGUI
- https://github.com/Nitesh-NEU/llm-app-fork
- https://github.com/Ovenoboyo/kai-take-home
- https://github.com/Raymon9/delta-force-booster
- https://github.com/Rotemkal/AutoCVEAnalyzer
- https://github.com/SakamataDenji/bento-bsd
- https://github.com/SeanMooney/ca-bhfuil
- https://github.com/TFSID/CyberAI
- https://github.com/TFSID/Trainee
- https://github.com/TFury30/CheckCVE
- https://github.com/Vistaminc/AliyunCVE_Crawler
- https://github.com/West-wise/nuclei_template_generater
- https://github.com/Xdoom99/ThreatIntel-NLP
- https://github.com/adhir-potdar/cve-mcp
- https://github.com/aditikilledar/SecurityScanAPI
- https://github.com/ai-agents-cybersecurity/NVD-Extractor
- https://github.com/alans0011/nist-cve-api
- https://github.com/amitbisoyi/W.V.S
- https://github.com/anthonyharrison/vex2doc
- https://github.com/arielkl9/AI-Threat-Intel
- https://github.com/barghava/portfolio
- https://github.com/bibo318/Cyberbugs-Tracker
- https://github.com/cd1zz/servicenow-security-copilot
- https://github.com/chanduusc/Devops-task
- https://github.com/cheongcode/n0h4ts-discord-bot
- https://github.com/chinocchio/EthicalHacking
- https://github.com/chriszubiaga/cvedetails-scraper
- https://github.com/crozzy/vex-mcp
- https://github.com/csgol/ThreatFetch
- https://github.com/ctrliq/kernel-src-tree-tools
- https://github.com/cyse7125-su24-team09/llm-app
- https://github.com/danieleschmidt/provenance-graph-sbom-linker
- https://github.com/dhbarman/vulnerability
- https://github.com/dig-sec/autonomous_research
- https://github.com/dumpnidadai/Ethical_Final
- https://github.com/erinczarnecki/pairing_interview_erin_czarnecki
- https://github.com/hafedh049/SecureTenants-Multi-Tenant-SaaS-CI-CD-DevSecOps-Platform
- https://github.com/hatlesswizard/PatchLeaks
- https://github.com/hruthwikkk/vulnerability_scanner
- https://github.com/ihrishikesh0896/vulnreach
- https://github.com/isarax3al/CognitiveVulnerabilityManager
- https://github.com/jayvishaalj/JSON_Vulnerability_Scan_Parser
- https://github.com/kagesensei/SimpleSpacy
- https://github.com/kaitlinmannings/Security_Lab
- https://github.com/kartikeya55555/vulnerability-scanner
- https://github.com/kayoMichael/CVE
- https://github.com/kettu-studio/openreport
- https://github.com/kharonsec/CVE_Bot
- https://github.com/ktfth/soft-awake
- https://github.com/kwkeefer/cookiecutter-poc
- https://github.com/lengo0951/cve-hunter
- https://github.com/lgopalab/vulnerability-scan
- https://github.com/luckYYz/suppress-checker
- https://github.com/mauvehed/kevvy
- https://github.com/mingyeongbae93/mingyeongbae93
- https://github.com/mkdemir/cve-harbor
- https://github.com/mncbndy/Final-Project---Ethical-Hacking-Report
- https://github.com/mxgms/debian-audit
- https://github.com/nattino9/Ethical-Hacking-Finals-Project
- https://github.com/nikhila26/github-vuln-scanner
- https://github.com/nilayjain12/github-scanner
- https://github.com/noforn/BREATHLESSSYMPHONY
- https://github.com/oujunke/ServerShield
- https://github.com/ozanunal0/viper
- https://github.com/pranavipranz/cve-analyst-langgraph
- https://github.com/pre-msc-2027/api
- https://github.com/projectdiscovery/cvemap
- https://github.com/r00tH3x/CVEHunterX
- https://github.com/realhugn/sploitus_crawler
- https://github.com/reicalasso/pinguard
- https://github.com/rezaduty/QueryExploit-Notebook
- https://github.com/sachinak/go-project
- https://github.com/secureta/vulnerability-links
- https://github.com/shrutii253/cve-intelligent-chatbot
- https://github.com/snkzt/cve-explainer-workflow
- https://github.com/souben/vul-scanner
- https://github.com/soubhi/CVEScanner
- https://github.com/sscafi/firmwareAnalyzer
- https://github.com/vertexneuralforge/Machine-Learning-Based-Exploitability-Prediction-for-Penetration-Testing
- https://github.com/vikramaditya-tatke/dlt-pipeline-examples
- https://github.com/williamzujkowski/NOPE
- https://github.com/yeger00/kev-mcp
- https://github.com/zoocandoit/snort-helper