Wordpress
July 20, 2020

Stored XSS in Elementor

During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers no less than 3 million+ websites according to the official active installs count.

Are You Affected?

This vulnerability is exploitable on sites which allow users to have accounts and are using Elementor versions lower than 2.7.6, released last December.

A successful attack results in malicious scripts being injected on the plugin’s System Info page.

Continue reading Stored XSS in Elementor at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000,…

Read Story
Wordpress
March 15, 2024

WordPress Vulnerability & Patch Roundup July 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…

Read Story
Wordpress
August 31, 2023

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This…

Read Story
Wordpress
July 4, 2020

Emergency WordPress Help

One of our techs will get back to you within minutes.