CVE-2023-47505 – WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47505
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS). This issue affects Elementor: from n/a through 3.16.4.
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the get_inline_svg() function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/articles/arbitrary-attachment-render-to-xss-in-elementor-plugin?_s_id=cve
• https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-16-4-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0329 – Elementor Website Builder < 3.12.2 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
The Elementor plugin for WordPress is vulnerable to blind SQL Injection via the 'replace_urls' functionality in versions up to, and including, 3.12.1 due to insufficient escaping on the user-supplied 'old' and 'new' parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.
• http://packetstormsecurity.com/files/175639/Elementor-Website-Builder-SQL-Injection.html
• https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-1329 – Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user-supplied zip file. Any user with Subscriber or more permissions is able to execute this.
• https://github.com/mcdulltii/CVE-2022-1329
• https://github.com/AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit
• https://github.com/Grazee/CVE-2022-1329-WordPress-Elementor-RCE
• https://github.com/phanthibichtram12/CVE-2022-1329
• https://github.com/dexit/CVE-2022-1329
• http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.html
• https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding
• CWE-434: Unrestricted Upload of File with Dangerous Type
• CWE-862: Missing Authorization