| ID | 1090501618 |
| Created | Dec 15, 2022 |
| Updated | Dec 15, 2022 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | All |
| Affected App | WordPress |
| Engine Version | 5.0.0 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-12-16 | 0.00336 |
Refine Search
Threat Encyclopedia
DOM-based.Reflected.Cross-Site.Scripting(XSS)
Description
Rotem Bar discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Elementor Website Builder Plugin.
This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.5.6.
Affected Products
Elementor Website Builder Plugin <= 3.5.5
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.