PT-2020-13738 · Elementor · Elementor Page Builder
Published
2020-06-05
·
Updated
2020-06-09
·
CVE-2020-13864
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Elementor Page Builder plugin versions prior to 2.9.9
Description
The issue allows an author user to create posts that result in a stored XSS by using a crafted payload in custom links.
Recommendations
For versions prior to 2.9.9, update to version 2.9.9 or later to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elementor Page Builder