Lucene search

Website Builder Security Vulnerabilities - 2020

cve

CVE-2020-15020

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

5.4CVSS

5.4AI Score

0.0004EPSS

2020-08-31 01:15 PM

cve

CVE-2020-20634

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.

6.5CVSS

6.3AI Score

0.001EPSS

2020-08-21 03:15 PM

cve

CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.

9.8CVSS

9.4AI Score

0.002EPSS

2020-01-22 05:15 PM

101

cve

CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.

5.4CVSS

5.2AI Score

0.001EPSS

2020-01-28 11:15 PM