CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2021-24891 – Elementor < 3.4.8 - DOM Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2021-24891
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. El plugin Elementor Website Builder de WordPress versiones anteriores a 3.4.8, no sanea ni escapa de la entrada del usuario añadida al DOM por medio de un hash malicioso, resultando en un problema de tipo Cross-Site Scripting DOM The Elementor Website Builder plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the '#elementor-action:action=lightbox&settings=' DOM in versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/fbed0daa-007d-4f91-8d87-4bca7781de2d https://www.jbelamor.com/xss-elementor-lightox.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24201 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
https://notcve.org/view.php?id=CVE-2021-24201
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el elemento column (el archivo includes/elements/column.php) acepta un parámetro "html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de colaborador o superiores envíe una petición ‘save_builder’ modificada que contenga JavaScript en el parámetro "html_tag", que no es filtrado y se emite sin escapar. • https://wpscan.com/vulnerability/9647f516-b130-4cc8-85fb-2e69b034ced0 https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24205 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
https://notcve.org/view.php?id=CVE-2021-24205
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget icon box (el archivo includes/widgets/icon-box.php) acepta un parámetro "title_size". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro "title_size", que no se filtra y se genera sin escapar . • https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9 https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24202 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
https://notcve.org/view.php?id=CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget heading (el archivo includes/widgets/heading.php) acepta un parámetro "header_size". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada con este parámetro establecido en "script" y combinado con un parámetro de "títle" que contenga JavaScript , que luego será ejecutado cuando la página guardada es visualizada o previsualizada • https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24203 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
https://notcve.org/view.php?id=CVE-2021-24203
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget divisor (el archivo includes/widgets/divider.php) acepta un parámetro "html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada con este parámetro establecido en '"script" y combinado con un parámetro de "text" que contenga JavaScript , que luego será ejecutado cuando la página guardada es visualizada o previsualizada • https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •