User

Welcome to WordPress Community Forum. Please login or sign up.

Apr 19, 2024, 12:38 AM

Login with username, password and session length

Shoutbox

Recent

Stats

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 7
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 9
  • Total: 9

Online

9 Guests, 0 Users

WordPress Elementor plugin <= 3.5.5 - Cross-Site Scripting (XSS) Vulnerability

Started by Kailash, Jun 13, 2022, 08:08 AM

Previous topic - Next topic

WordPress Premium Themes


Print
Go Down Pages1
User actions

Kailash

Jun 13, 2022, 08:08 AM Last Edit: Jun 13, 2022, 08:21 AM by Kailash
WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability

Plugin name: Elementor Website Builder
Vulnerable versions: <= 3.5.5
Fixed in: 3.5.6
CVE ID: CVE-2022-29455
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability discovered by Rotem Bar (Patchstack Alliance) in WordPress Elementor plugin (versions <= 3.5.5).

Solution

Update the WordPress Elementor plugin to the latest available version (at least 3.5.6).

Plugin Link: https://wordpress.org/plugins/elementor/

WordPress Premium Themes


Print
Go Up Pages1
User actions