Lucene search
CVE-2021-24202
Elementor WordPress plugin before 3.1.4 allows Contributor+ to execute JavaScript
Show more
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | Design/Logic Flaw | 5 Apr 202119:15 | – | prion |
 | CVE-2021-24202 | 22 May 202518:34 | – | redhatcve |
 | CVE-2021-24202 | 5 Apr 202119:15 | – | nvd |
 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget | 17 Mar 202100:00 | – | wpexploit |
 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget | 17 Mar 202100:00 | – | wpvulndb |
 | CVE-2021-24202 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget | 5 Apr 202118:27 | – | cvelist |
Node
[
{
"product": "Elementor Website Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.4",
"status": "affected",
"version": "3.1.4",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| header_size | request body | includes/widgets/heading.php | Vulnerability allows execution of JavaScript in the heading widget due to improper handling of user input. | CWE-79 |
| title | request body | includes/widgets/heading.php | Vulnerability allows execution of JavaScript in the heading widget due to improper handling of user input. | CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo05 Apr 2021 19:15Current
5.4Medium risk
Vulners AI Score5.4
CVSS23.5
CVSS35.4
EPSS0.00099