Elementor Page Builder < 2.7.6 - Authenticated Stored XSS



Description
According to the original researcher, "A successful attack results in malicious scripts being injected on the plugin’s System Info page"

Affects Plugin

fixed in version 2.7.7

References

URL https://labs.sucuri.net/stored-xss-in-elementor/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Marc Alexandre Montpas (Sucuri)
Views 3854
Verified No
WPVDB ID 10052

Timeline

Publicly Published 2020-01-29 (23 days ago)
Added 2020-01-29 (22 days ago)
Last Updated 2020-01-30 (21 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin