NotCVE - vendor:"Elementor" product:"Website Builder" version:" <= 3.16.4"

Page 4 of 18 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-20634 – Elementor Website Builder <= 2.9.5 - Authorization Bypass

https://notcve.org/view.php?id=CVE-2020-20634

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. El plugin de WordPress Elementor versiones 2.9.5 y anteriores, permite a usuarios autenticados activar su funcionalidad de modo seguro. Esto puede ser explotado para deshabilitar todos los plugin de seguridad en el blog. • https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-8426 – Elementor Website Builder <= 2.8.4 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. El plugin Elementor versiones anteriores a 2.8.5 para WordPress, sufre de una vulnerabilidad de tipo XSS reflejado en la página elementor-system-info. Estos pueden ser explotados al apuntar a un usuario autenticado. • https://blog.impenetrable.tech/xss-in-wordpress-elementor-plugin https://wordpress.org/plugins/elementor/#developers https://wpvulndb.com/vulnerabilities/10051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-7109 – Elementor Website Builder <= 2.8.3 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. El plugin Elementor Page Builder versiones anteriores a 2.8.4 para WordPress, no sanea los datos durante la creación de una nueva plantilla. • https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4