CVE-2021-24201

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder WordPress plugin versions prior to 3.1.4

Description: The issue concerns the column element in the Elementor Website Builder WordPress plugin, where a user with Contributor or above permissions can manipulate the html tag parameter to inject JavaScript. This JavaScript is not filtered and is output without escaping, leading to its execution when the saved page is viewed or previewed.

Recommendations: For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the ability to modify the html tag parameter for users with Contributor or above permissions until the update is applied.