logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Elementor < 3.0.14 - SVG Upload Allowed by Default

Description

The plugin allowed SVG files to be uploaded by default, which might lead to security issues, such as Cross-Site Scripting

Affects Plugins

elementor

Fixed in version 3.0.14

References

CVE

CVE-2020-36171

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

5c5f44e1-c00b-4a90-a581-ef06765b7f66

Timeline

Publicly Published

2021-01-06 (about 4 months ago)

Added

2021-01-06 (about 4 months ago)

Last Updated

2021-01-09 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin