CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24204 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
https://notcve.org/view.php?id=CVE-2021-24204
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget accordion (el archivo includes/widgets/accordion.php) acepta un parámetro "title_html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro 'title_html_tag', que no se filtra y se genera sin escapar. • https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36171 – Elementor Website Builder <= 3.0.13 - Unrestricted SVG Uploads
https://notcve.org/view.php?id=CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. El plugin Elementor Website Builder versiones anteriores a 3.0.14 para WordPress, no restringe apropiadamente las cargas SVG The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized malicious SVG file uploads in versions up to, and including, 3.0.13. This is due to improper restrictions on allowing SVG file uploads. This makes it possible for authenticated attackers with post editor access to upload SVG files that could contain malicious content such as web scripts. • https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15020 – Elementor Website Builder <= 2.9.13 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. Se detectó un problema en el plugin Elementor versiones hasta 2.9.13 para WordPress. Un atacante autenticado puede lograr un ataque de tipo XSS almacenado por medio del campo Name Your Template • http://hidden-one.co.in/2020/07/07/cve-2020-1020-stored-xss-on-elementor-wordpress-plugin https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36703 – Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts. • https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability https://www.wordfence.com/threat-intel/vulnerabilities/id/42db52ae-f881-4082-b475-8577a28641c6?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20634 – Elementor Website Builder <= 2.9.5 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. El plugin de WordPress Elementor versiones 2.9.5 y anteriores, permite a usuarios autenticados activar su funcionalidad de modo seguro. Esto puede ser explotado para deshabilitar todos los plugin de seguridad en el blog. • https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability • CWE-862: Missing Authorization •