WordPress Plugin Vulnerabilities

Elementor Page Builder < 2.8.4 - Cross-Site Scripting (XSS)

Description

Elementor Page Builder before 2.8.4 does not sanitise data when creating a new template, which could lead to Cross-Site Scripting issues

Affects Plugins

Plugin icon
elementor
Fixed in 2.8.4

References

CVE
CVE-2020-7109
URL
https://github.com/elementor/elementor/commit/a31dcf4ee1d18b58feef3e59fabb79976c11d0b8

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Verified
No
WPVDB ID
6503bdfa-013a-4172-8e3f-ea99444f1eca

Timeline

Publicly Published
2020-01-19 (about 4 years ago)
Added
2021-03-02 (about 3 years ago)
Last Updated
2021-03-07 (about 3 years ago)

Other

Published
Title
Published
2023-01-17
Title
Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS
Published
2015-08-24
Title
iQ Block Country < 1.1.20 - Reflected Cross-Site Scripting (XSS)
Published
2022-07-26
Title
Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting
Published
2020-07-29
Title
Reality < 2.5.6 - Multiple Reflected Cross-Site Scripting (XSS)
Published
2022-06-22
Title
LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting