July 20, 2020

Stored XSS in Elementor

During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers no less than 3 million+ websites according to the official active installs count.

Are You Affected?

This vulnerability is exploitable on sites which allow users to have accounts and are using Elementor versions lower than 2.7.6, released last December.

A successful attack results in malicious scripts being injected on the plugin’s System Info page.

Continue reading Stored XSS in Elementor at Sucuri Blog.

6,000 WordPress Sites Affected by Unauthenticated Critical Vulnerability in WP Job Portal WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to…

Read Story

Wordpress

September 3, 2024

WooCommerce Extension – Reflected XSS Vulnerability

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security…

Read Story

Wordpress

November 17, 2021

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)

Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles…

Read Story

Wordpress

December 14, 2023

Emergency WordPress Help

One of our techs will get back to you within minutes.

Stored XSS in Elementor

More great articles

6,000 WordPress Sites Affected by Unauthenticated Critical Vulnerability in WP Job Portal WordPress Plugin

WooCommerce Extension – Reflected XSS Vulnerability

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)

Emergency WordPress Help