CVE-2021-24202
published 2021-04-05CVE-2021-24202: In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although…
PriorityP278medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.75%
50.2th percentile
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elementor | website_builder | < 3.1.4 | 3.1.4 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vulncheck5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3m69-5fv4-gmmr: In the Elementor Website Builder WordPress plugin before 3
ghsa_unreviewed·2022-05-24
CVE-2021-24202 [MEDIUM] CWE-79 GHSA-3m69-5fv4-gmmr: In the Elementor Website Builder WordPress plugin before 3
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
VulnCheck
elementor Website Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2021·CVSS 5.4
CVE-2021-24202 [MEDIUM] elementor Website Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
elementor Website Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed.
Affected: elementor Website Builder
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bbhttps://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bbhttps://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/
2021-04-05
Published
Exploited in the wild