2301 matches found
VulnCheck KEV: CVE-2021-24206
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...
VulnCheck KEV: CVE-2021-24202
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...
Cross site request forgery (csrf)
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...
CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...
Elementor < 3.0.14 - SVG Upload Allowed by Default
The plugin allowed SVG files to be uploaded by default, which might lead to security issues, such as Cross-Site Scripting...
CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...
CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...
CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...
PT-2020-14124 · Elementor · Elementor
Name of the Vulnerable Software and Affected Versions: Elementor plugin versions prior to 2.9.14 Description: An issue allows an authenticated attacker to achieve stored XSS via the Name Your Template field. Recommendations: For Elementor plugin versions prior to 2.9.14, update to version 2.9.14 ...
WordPress Elementor Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. elementor is a drag-and-drop page builder plugin used in it. A cross-site scripting vulnerability exists in the WordPress Elementor...
CVE-2020-8426
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...
CVE-2020-8426
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...
Cross site scripting
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...
CVE-2020-8426
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...
CVE-2020-8426
CVE-2020-8426 describes a reflected XSS in the WordPress Elementor Page Builder plugin (versions prior to 2.8.5) on the elementor-system-info page. The vulnerability is exploitable by an authenticated user; no public exploit details are provided in the supplied documents. Affected component is th...
CVE-2017-18596
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...
CVE-2017-18596
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...
Design/Logic Flaw
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...
CVE-2017-18596
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...
WordPress sina-extension-for-elementor plugin path traversal vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sina-extension-for-elementor is a webpage builder plugin used in it. A path traversal vulnerability exists in versions of the WordPres...