CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8426 – Elementor Website Builder <= 2.8.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8426
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. El plugin Elementor versiones anteriores a 2.8.5 para WordPress, sufre de una vulnerabilidad de tipo XSS reflejado en la página elementor-system-info. Estos pueden ser explotados al apuntar a un usuario autenticado. • https://blog.impenetrable.tech/xss-in-wordpress-elementor-plugin https://wordpress.org/plugins/elementor/#developers https://wpvulndb.com/vulnerabilities/10051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7109 – Elementor Website Builder <= 2.8.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-7109
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. El plugin Elementor Page Builder versiones anteriores a 2.8.4 para WordPress, no sanea los datos durante la creación de una nueva plantilla. • https://wordpress.org/plugins/elementor/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •