July 20, 2020

Stored XSS in Elementor

During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers no less than 3 million+ websites according to the official active installs count.

Are You Affected?

This vulnerability is exploitable on sites which allow users to have accounts and are using Elementor versions lower than 2.7.6, released last December.

A successful attack results in malicious scripts being injected on the plugin’s System Info page.

Continue reading Stored XSS in Elementor at Sucuri Blog.

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, …

Read Story

Wordpress

January 25, 2024

High Severity Vulnerability Patched in WooCommerce Stock Manager Plugin

On May 21, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered…

Read Story

Wordpress

June 14, 2021

Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for…

Read Story

Wordpress

March 14, 2023

Emergency WordPress Help

One of our techs will get back to you within minutes.

Stored XSS in Elementor

More great articles

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)

High Severity Vulnerability Patched in WooCommerce Stock Manager Plugin

Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Emergency WordPress Help