PT-2022-3505 · Elementor · Elementor Website Builder

🗓️ 13 Jun 2022 00:00:00Reported by Positive TechnologiesType

Dom Based Injection via settings in Elementor before 3.5.6 allows a remote script injection through the frontend script endpoint.

Reporter	Title	Published	Views	Family All 21
GithubExploit	Exploit for Cross-site Scripting in Elementor Website_Builder	1 Jun 202301:40	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Elementor Website_Builder	1 Jun 202301:44	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Elementor Website_Builder	5 Sep 202212:08	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Elementor Website_Builder	12 Feb 202306:26	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Elementor Website_Builder	5 Jan 202318:29	–	githubexploit
ATTACKERKB	CVE-2022-29455	13 Jun 202208:43	–	attackerkb
Circl	CVE-2022-29455	13 Jun 202220:17	–	circl
CNNVD	WordPress plugin Elementor Website 跨站脚本漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress plugin Elementor Website cross-site scripting vulnerability	15 Jun 202200:00	–	cnvd
CVE	CVE-2022-29455	13 Jun 202216:09	–	cve

Source	Link
github	www.github.com/akhilkoradiya/CVE-2022-29455
github	www.github.com/GULL2100/Wordpress_xss-CVE-2022-29455
rotem-bar	www.rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-29455
bdu	www.bdu.fstec.ru/vul/2022-04286
patchstack	www.patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability
t	www.t.me/cibsecurity/44315
t	www.t.me/poxek/2182
wordpress	www.wordpress.org/plugins/elementor/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

01 Sep 2024 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3 - 6.4

CVSS 3.14.7 - 6.1

EPSS0.58138

SSVC