CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24206 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
https://notcve.org/view.php?id=CVE-2021-24206
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget de cuadro de imagen (el archivo includes/widgets/image-box.php) acepta un parámetro "title_size". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro "title_size", que no se filtra y se genera sin escapar . • https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309 https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24204 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
https://notcve.org/view.php?id=CVE-2021-24204
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget accordion (el archivo includes/widgets/accordion.php) acepta un parámetro "title_html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro 'title_html_tag', que no se filtra y se genera sin escapar. • https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36171 – Elementor Website Builder <= 3.0.13 - Unrestricted SVG Uploads
https://notcve.org/view.php?id=CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. El plugin Elementor Website Builder versiones anteriores a 3.0.14 para WordPress, no restringe apropiadamente las cargas SVG The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized malicious SVG file uploads in versions up to, and including, 3.0.13. This is due to improper restrictions on allowing SVG file uploads. This makes it possible for authenticated attackers with post editor access to upload SVG files that could contain malicious content such as web scripts. • https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15020 – Elementor Website Builder <= 2.9.13 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. Se detectó un problema en el plugin Elementor versiones hasta 2.9.13 para WordPress. Un atacante autenticado puede lograr un ataque de tipo XSS almacenado por medio del campo Name Your Template • http://hidden-one.co.in/2020/07/07/cve-2020-1020-stored-xss-on-elementor-wordpress-plugin https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36703 – Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts. • https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability https://www.wordfence.com/threat-intel/vulnerabilities/id/42db52ae-f881-4082-b475-8577a28641c6?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •