Elementor Page Builder < 2.7.7 – Authenticated Stored XSS

Affects Plugins

elementor

Fixed in 2.7.7

References

URL

https://labs.sucuri.net/stored-xss-in-elementor/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Marc Alexandre Montpas (Sucuri)

Verified

No

WPVDB ID

2bcf7eb7-cddb-4d6a-8789-43dd3dff4dcf

Timeline

Publicly Published

2020-01-29 (about 6 years ago)

Added

2020-01-29 (about 6 years ago)

Last Updated

2021-03-02 (about 5 years ago)

Other

Published

Title

Published

2025-01-15

Title

Realtyna Provisioning < 1.2.3 - Reflected Cross-Site Scripting

Published

2025-02-03

Title

All push notification for WP <= 1.5.3 - Unauthenticated Stored Cross-Site Scripting

Published

2024-03-14

Title

HUSKY – Products Filter for WooCommerce Professional < 1.3.5.2 - Contributor+ Stored Cross-Site Scripting via Shortcode

Published

2024-09-09

Title

Slider by 10Web < 1.2.59 - Admin+ Stored XSS

Published

2026-02-10

Title

OpenPOS Lite < 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes