logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS

Description

Jerome Bruandet, from NinTechNet, discovered a bypass in the SVG sanitizer, which could lead to an authenticated stored XSS issue from users with the upload_files  capability.

Affects Plugins

elementor

Fixed in version 2.9.8

References

URL

https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability/

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Jerome Bruandet (NinTechNet)

Verified

No

WPVDB ID

e601fc58-97a0-4a67-8955-abf0e37e74ae

Timeline

Publicly Published

2020-05-06 (about 1 years ago)

Added

2020-05-06 (about 1 years ago)

Last Updated

2020-05-07 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin