Elementor < 2.9.14 - Authenticated Stored Cross-Site Scripting

ID WPEX-ID:7DFDE62F-F167-403B-8B23-F4AC845AC04D
Type wpexploit
Reporter wpvulndb
Modified 2020-09-02T05:00:07


The template name is not properly sanitised when output back, leading to a stored XSS issue.

Go to the templates tab, click on "add new", and select page or section.

Then add an XSS payload such as "><img src onerror=alert(`XSS`);> in the "name your template" field and hit create template.