CVE-2024-8858 | Elementor Addons by Livemesh <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-47303 is likely a duplicate of this issue.
Conclusion & alert: CVE-2024-8858 is rated Moderate Risk (42.6/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.26%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2024-8858
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).