CVE-2024-1521

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2024-18109 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions up to, and including, 3.20.1 Description: The vulnerability is a Stored Cross-Site Scripting issue that occurs when an SVGZ file is uploaded via the Form widget, due to insufficient...