Th3 Hidd3n 0n3PATCHSTACK:04CF99BB8D733136E211FA9CD85BBA40WordPress Elementor Website Builder plugin <= 2.9.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Th3 Hidd3n 0n3 in WordPress Elementor Website Builder plugin (versions <= 2.9.13).
Solution
Update the WordPress Elementor Website Builder plugin to the latest available version (at least 2.9.140.
| CPE | Name | Operator | Version |
|---|---|---|---|
| elementor website builder | le | 2.9.13 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N