Elementor

Website Builder

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-29455

Exploit
  • EPSS 49.43%
  • Veröffentlicht 13.06.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:59:07

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.

8.8

CVE-2022-1329

Exploit
  • EPSS 93.44%
  • Veröffentlicht 19.04.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:40:30

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify si...

6.1

CVE-2021-24891

Exploit
  • EPSS 5.35%
  • Veröffentlicht 23.11.2021 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:53:57

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.

5.4

CVE-2021-24206

Exploit
  • EPSS 0.11%
  • Veröffentlicht 05.04.2021 19:15:17
  • Zuletzt bearbeitet 21.11.2024 05:52:35

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user wi...

5.4

CVE-2021-24205

Exploit
  • EPSS 0.11%
  • Veröffentlicht 05.04.2021 19:15:17
  • Zuletzt bearbeitet 21.11.2024 05:52:35

In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with...

5.4

CVE-2021-24204

Exploit
  • EPSS 0.11%
  • Veröffentlicht 05.04.2021 19:15:17
  • Zuletzt bearbeitet 21.11.2024 05:52:35

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a use...

5.4

CVE-2021-24203

Exploit
  • EPSS 0.11%
  • Veröffentlicht 05.04.2021 19:15:17
  • Zuletzt bearbeitet 21.11.2024 05:52:35

In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Co...

5.4

CVE-2021-24202

Exploit
  • EPSS 0.11%
  • Veröffentlicht 05.04.2021 19:15:16
  • Zuletzt bearbeitet 21.11.2024 05:52:35

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with ...

5.4

CVE-2021-24201

Exploit
  • EPSS 0.12%
  • Veröffentlicht 05.04.2021 19:15:16
  • Zuletzt bearbeitet 21.11.2024 05:52:34

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Co...

6.1

CVE-2020-36171

  • EPSS 0.14%
  • Veröffentlicht 06.01.2021 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:28:52

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.