CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 7CVE-2022-29455 – WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-29455
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) basada en el DOM en el plugin Elementor Website Builder de Elementor en versiones anteriores a 3.5.5 The Elementor Website Builder plugin for WordPress is vulnerable to Unauthenticated DOM-based Reflected Cross-Site Scripting via the ‘videoType’ and 'onError' parameter in the lightbox module in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://github.com/akhilkoradiya/CVE-2022-29455 https://github.com/yaudahbanh/CVE-2022-29455 https://github.com/0xc4t/CVE-2022-29455 https://github.com/GULL2100/Wordpress_xss-CVE-2022-29455 https://github.com/tucommenceapousser/CVE-2022-29455 https://github.com/tucommenceapousser/CVE-2022-29455-mass https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability https://rotem-bar.com/hacking-65-million-websi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 96%CPEs: 1EXPL: 8CVE-2022-1329 – Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. El plugin Elementor Website Builder para WordPress es vulnerable a una ejecución no autorizada de varias acciones AJAX debido a una falta de una comprobación de capacidad en el archivo ~/core/app/modules/onboarding/module.php que hace posible que atacantes modifiquen los datos del sitio además de cargar archivos maliciosos que pueden usarse para obtener una ejecución de código remota, en las versiones 3.6.0 a 3.6.2 WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this. • https://github.com/mcdulltii/CVE-2022-1329 https://github.com/AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit https://github.com/Grazee/CVE-2022-1329-WordPress-Elementor-RCE https://github.com/phanthibichtram12/CVE-2022-1329 https://github.com/dexit/CVE-2022-1329 http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.html https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding&#x • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2021-24891 – Elementor < 3.4.8 - DOM Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2021-24891
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. El plugin Elementor Website Builder de WordPress versiones anteriores a 3.4.8, no sanea ni escapa de la entrada del usuario añadida al DOM por medio de un hash malicioso, resultando en un problema de tipo Cross-Site Scripting DOM The Elementor Website Builder plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the '#elementor-action:action=lightbox&settings=' DOM in versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/fbed0daa-007d-4f91-8d87-4bca7781de2d https://www.jbelamor.com/xss-elementor-lightox.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24201 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
https://notcve.org/view.php?id=CVE-2021-24201
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el elemento column (el archivo includes/elements/column.php) acepta un parámetro "html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de colaborador o superiores envíe una petición ‘save_builder’ modificada que contenga JavaScript en el parámetro "html_tag", que no es filtrado y se emite sin escapar. • https://wpscan.com/vulnerability/9647f516-b130-4cc8-85fb-2e69b034ced0 https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24205 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
https://notcve.org/view.php?id=CVE-2021-24205
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget icon box (el archivo includes/widgets/icon-box.php) acepta un parámetro "title_size". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro "title_size", que no se filtra y se genera sin escapar . • https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9 https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •