PT-2026-60420 · WordPress · Elementor Header & Footer Builder
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Header Footer Builder for Elementor versions prior to 1.2.1
Description
Insufficient administrative capability requirements for the dashboard template-import action allow users with
edit posts permissions, such as Contributors, to import templates. An attacker can include an Elementor HTML widget configured for site-wide display to inject JavaScript that executes in the session of any visitor or administrator who loads the site.Recommendations
Update Header Footer Builder for Elementor to version 1.2.1 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elementor Header & Footer Builder