PT-2024-27552 · Elementor · Elementor Website Builder
Stealthcopter · Published 2024-07-09 · Updated 2024-08-29
CVE-2024-37437
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Elementor Website Builder versions prior to 3.22.1
Description
The issue is related to an improper limitation of a pathname to a restricted directory, also known as a "Path Traversal" vulnerability, in Elementor Website Builder. This vulnerability allows for Cross-Site Scripting (XSS), including Stored XSS.
Recommendations
For versions prior to 3.22.1, update to a version newer than 3.22.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and implementing additional security measures to minimize the risk of Cross-Site Scripting (XSS) attacks.
Fix
Path traversal
XSS
Affected Products
Elementor Website Builder