An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
5.4CVSS
5.4AI Score
0.0004EPSS
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
6.5CVSS
6.3AI Score
0.001EPSS
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.
9.8CVSS
9.4AI Score
0.002EPSS
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
5.4CVSS
5.2AI Score
0.001EPSS