CVE-2024-1521 – Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload
https://notcve.org/view.php?id=CVE-2024-1521
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server. • https://elementor.com/pro/changelog/?utm_source=wp-plugins&utm_campaign=pro-changelog&utm_medium=wp-dash https://www.wordfence.com/threat-intel/vulnerabilities/id/ecd01ea6-9476-47e1-9959-3f8d9ce1c1f3?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-48777 – WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-48777
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder. This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Remote Code Execution via file upload in all versions up to and including 3.18.1 via the template import functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. • https://github.com/AkuCyberSec/Elementor-3.18.0-Upload-Path-Traversal-RCE-CVE-2023-48777 https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-47505 – WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47505
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS). This issue affects Elementor: from n/a through 3.16.4. The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the get_inline_svg() function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/articles/arbitrary-attachment-render-to-xss-in-elementor-plugin?_s_id=cve https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-16-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4953 – Elementor < 3.5.5 - Iframe Injection
https://notcve.org/view.php?id=CVE-2022-4953
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. The Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘settings’ hash parameter in versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary iframes in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. WordPress Elementor plugin versions prior to 3.5.5 suffer from an iframe injection vulnerability. • https://www.exploit-db.com/exploits/51716 https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0329 – Elementor Website Builder < 3.12.2 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. The Elementor plugin for WordPress is vulnerable to blind SQL Injection via the 'replace_urls' functionality in versions up to, and including, 3.12.1 due to insufficient escaping on the user supplied 'old' and 'new' parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/175639/Elementor-Website-Builder-SQL-Injection.html https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •