Vulnerability Bulletins

Cross-Site Scripting Vulnerabilities in Elementor Impact Over 7 Million Sites


System information

   
Affected software Wordpress

Description

On February 23, 2021, the Wordfence Threat Intelligence team responsibly disclosed a set of stored Cross-Site Scripting vulnerabilities in Elementor, a WordPress plugin which “is now actively installed and used on more than 7M websites” according to a recent announcement on the Elementor blog. These vulnerabilities allowed any user able to access the Elementor editor, […]

More info:

https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/

Standar resources

Property Value
CVE

Version history

Version Comments Date
1.0 Advisory issued 2021-03-19
Ministerio de Defensa
CNI
CCN
CCN-CERT