Cross site scripting

2021-05-0519:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

19.5%

JSON

The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

CPENameOperatorVersion
elementor_-_header\\,_footer_\\&_blocks_templatelt1.5.8

CPE	Name	Operator	Version
	elementor_-_header\\,_footer_\\&_blocks_template	lt	1.5.8

References

wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e

www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for PRION:CVE-2021-24256