CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24202 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
https://notcve.org/view.php?id=CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget heading (el archivo includes/widgets/heading.php) acepta un parámetro "header_size". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada con este parámetro establecido en "script" y combinado con un parámetro de "títle" que contenga JavaScript , que luego será ejecutado cuando la página guardada es visualizada o previsualizada • https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24203 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
https://notcve.org/view.php?id=CVE-2021-24203
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget divisor (el archivo includes/widgets/divider.php) acepta un parámetro "html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada con este parámetro establecido en '"script" y combinado con un parámetro de "text" que contenga JavaScript , que luego será ejecutado cuando la página guardada es visualizada o previsualizada • https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24206 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
https://notcve.org/view.php?id=CVE-2021-24206
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget de cuadro de imagen (el archivo includes/widgets/image-box.php) acepta un parámetro "title_size". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro "title_size", que no se filtra y se genera sin escapar . • https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309 https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24204 – Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
https://notcve.org/view.php?id=CVE-2021-24204
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. En el plugin de WordPress Elementor Website Builder versiones anteriores a 3.1.4, el widget accordion (el archivo includes/widgets/accordion.php) acepta un parámetro "title_html_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible que un usuario con permisos de Colaborador o superiores envíe una petición "save_builder" modificada que contenga JavaScript en el parámetro 'title_html_tag', que no se filtra y se genera sin escapar. • https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36171 – Elementor Website Builder <= 3.0.13 - Unrestricted SVG Uploads
https://notcve.org/view.php?id=CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. El plugin Elementor Website Builder versiones anteriores a 3.0.14 para WordPress, no restringe apropiadamente las cargas SVG The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized malicious SVG file uploads in versions up to, and including, 3.0.13. This is due to improper restrictions on allowing SVG file uploads. This makes it possible for authenticated attackers with post editor access to upload SVG files that could contain malicious content such as web scripts. • https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •