WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS

Description

Jerome Bruandet, from NinTechNet, discovered a bypass in the SVG sanitizer, which could lead to an authenticated stored XSS issue from users with the upload_files  capability.

Affects Plugins

elementor
Fixed in version 2.9.8

References

URL
https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability/

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Jerome Bruandet (NinTechNet)

Verified

No

WPVDB ID
e601fc58-97a0-4a67-8955-abf0e37e74ae

Timeline

Publicly Published

2020-05-06 (about 2 years ago)

Added

2020-05-06 (about 2 years ago)

Last Updated

2020-05-07 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin