RSS   Vulnerabilities for 'Elementor'   RSS

2020-05-17
 
CVE-2020-13126

CWE-434
 

 
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.

 
2020-04-22
 
CVE-2020-7055

CWE-434
 

 
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.

 
2020-01-28
 
CVE-2020-8426

CWE-79
 

 
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.

 
2019-10-07
 
CVE-2018-18379

CWE-79
 

 
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.

 
2019-09-10
 
CVE-2017-18596

CWE-269
 

 
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.

 

 >>> Vendor: Elementor 5 Products
Elementor
Elementor page builder
Page builder
Website builder
Elementor website builder


Copyright 2022, cxsecurity.com

 

Back to Top