Vulnerabilities for Website builder (...) - CXSECURITY.COM

Vulnerabilities for 'Website builder'

2021-11-23

CVE-2021-24891

CWE-79

The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue

2021-04-05

CVE-2021-24206

CWE-79

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a �??title_size�?? parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified �??save_builder�?? request containing JavaScript in the �??title_size�?? parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.

CVE-2021-24205

CWE-79

In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a �??title_size�?? parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified �??save_builder�?? request containing JavaScript in the �??title_size�?? parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.

CVE-2021-24204

CWE-79

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a �??title_html_tag�?? parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified �??save_builder�?? request containing JavaScript in the �??title_html_tag�?? parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.

CVE-2021-24203

CWE-79

In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an �??html_tag�?? parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified �??save_builder�?? request with this parameter set to �??script�?? and combined with a �??text�?? parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.

CVE-2021-24202

CWE-79

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a �??header_size�?? parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified �??save_builder�?? request with this parameter set to �??script�?? and combined with a �??title�?? parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.

CVE-2021-24201

CWE-79

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ??�??�?html_tag??�??�?? parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ??�??�?save_builder??�??�?? request containing JavaScript in the ??�??�?html_tag??�??�?? parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.

2021-01-06

CVE-2020-36171

CWE-79

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.

>>> Vendor: Elementor 5 Products

Elementor page builder

Website builder

Elementor website builder

Copyright 2024, cxsecurity.com