CVE-2021-24202

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 70.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Elementor Website Builder Elementor Website Builder

Timeline

PublishedApr 5

Latest updateMay 24

Description

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDelementor/website_builder< 3.1.4

▶CVEListV5unknown/elementor_website_builder3.1.4 — 3.1.4

🔴Vulnerability Details

GHSA

GHSA-3m69-5fv4-gmmr: In the Elementor Website Builder WordPress plugin before 3↗2022-05-24

▶

CVEList

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget↗2021-04-05

▶

VulnCheck

elementor Website Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2021

▶