Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS



Description
Jerome Bruandet, from NinTechNet, discovered a bypass in the SVG sanitizer that could lead to authenticated stored XSS by users with the upload_files capability.

Affects Plugin

Elementor, fixed in version 2.9.8

References

URL https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability/

Classification

Type BYPASS

Miscellaneous

Original Researcher Jerome Bruandet (NinTechNet)
Views 1966
Verified No
WPVDB ID 10213

Timeline

Publicly Published 2020-05-06
Added 2020-05-06
Last Updated 2020-05-07
