
CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a 'title_html_tag' parameter. Although the element control lists a fixed set of possible HTML tags, a user with Contributor or above permissions can send a modified 'save_builder' request containing JavaScript in the 'title_html_tag' parameter, which is not filtered and is output without escaping. This JavaScript is then executed when the saved page is viewed or previewed.

• https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf
• https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized malicious SVG file uploads in versions up to, and including, 3.0.13. This is due to improper restrictions on SVG file uploads, which makes it possible for authenticated attackers with post editor access to upload SVG files that could contain malicious content such as web scripts.

• https://wordpress.org/plugins/elementor/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code, because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role.

• https://elementor.com/pro/changelog
• https://ww2.compunet.cl/dia-cero-en-plugin-de-wordpres-detectada-compunet-redteam
• CWE-269: Improper Privilege Management

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

• http://hidden-one.co.in/2020/07/07/cve-2020-1020-stored-xss-on-elementor-wordpress-plugin
• https://wordpress.org/plugins/elementor/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Elementor Page Builder (Elementor Website Builder) plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.

• https://www.softwaresecured.com/elementor-page-builder-stored-xss
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')