Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.10 views

CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

5.4CVSS6.8AI score0.00746EPSS
Exploits2References1
OSV
OSV
added 2021/04/05 7:15 p.m.8 views

CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

5.4CVSS5.8AI score0.00746EPSS
Exploits2References2
NVD
NVD
added 2021/04/05 7:15 p.m.32 views

CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

5.4CVSS0.00746EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.32 views

CVE-2021-24202 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

5.8AI score0.00746EPSS
Exploits2References2
CVE
CVE
added 2021/04/05 6:27 p.m.46 views

CVE-2021-24202

CVE-2021-24202 affects the Elementor Website Builder WordPress plugin (before 3.1.4). The heading widget’s header_size parameter is exploitable when an authenticated user (Contributor or higher) sends a modified save_builder payload, setting header_size to script and a title containing JavaScript...

5.4CVSS5.4AI score0.00746EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder