5 matches found
CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...
CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...
CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...
CVE-2021-24202 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...
CVE-2021-24202
CVE-2021-24202 affects the Elementor Website Builder WordPress plugin (before 3.1.4). The heading widget’s header_size parameter is exploitable when an authenticated user (Contributor or higher) sends a modified save_builder payload, setting header_size to script and a title containing JavaScript...