CVE-2024-13445

Medium CVSS: 6.4

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Elementor

Product

Website Builder

CWE

CWE-79

Yayın Tarihi

2025-02-20 05:15:14

Güncelleme

2025-02-25 20:22:07

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Website Builder MEDIUM Elementor 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3241278%40elementor%2Ftrunk&old=3239949%40elementor%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11e702-34d2-49ee-8762-cc3614a7950a?source=cve

Benzer Kayıtlar

Medium

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via…

Medium

CVE-2025-3075

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc…

Medium

CVE-2025-3076

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text…

Medium

CVE-2025-1319

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cr…

Medium

CVE-2024-54444

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elemento…

Medium

CVE-2024-8494

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u…