Due to insufficient input sanitization and output escaping, it makes possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

  • Elementor Website Builder 3.23.2
  • Elementor Website Builder 3.23.3
  • Elementor Website Builder 3.23.4
  • Elementor Website Builder 3.24.0
  • Elementor Website Builder 3.24.0-beta1
  • Elementor Website Builder 3.24.0-beta2
  • Elementor Website Builder 3.24.0-beta3
  • Elementor Website Builder 3.24.0-dev1
  • Elementor Website Builder 3.24.0-dev2
  • Elementor Website Builder 3.24.0-dev3
  • Elementor Website Builder 3.24.1
  • Elementor Website Builder 3.24.2
  • Elementor Website Builder 3.24.3
  • Elementor Website Builder 3.24.4
  • Elementor Website Builder 3.24.5
  • Elementor Website Builder 3.24.6
  • Elementor Website Builder 3.24.7
  • Elementor Website Builder 3.24.8
  • Elementor Website Builder 3.25.0
  • Elementor Website Builder 3.25.0-beta1
  • Elementor Website Builder 3.25.0-beta2
  • Elementor Website Builder 3.25.0-beta3
  • Elementor Website Builder 3.25.0-dev1
  • Elementor Website Builder 3.25.0-dev2
  • Elementor Website Builder 3.25.0-dev3
  • Elementor Website Builder 3.25.1
  • Elementor Website Builder 3.25.2
  • Elementor Website Builder 3.25.3
  • Elementor Website Builder 3.25.4
  • Elementor Website Builder 3.25.5
  • Elementor Website Builder 3.25.6
  • Elementor Website Builder 3.25.7

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *