CVE-2022-4953

Name of the Vulnerable Software and Affected Versions Elementor Website Builder WordPress plugin versions prior to 3.5.5

Description The issue allows user-controlled URLs to be loaded into the DOM without proper filtering. This could be exploited to inject rogue iframes that point to malicious URLs.

Recommendations For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting the loading of user-controlled URLs into the DOM to minimize the risk of exploitation.