WordPress Plugin Vulnerabilities

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Description

The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.

The issue was initially fixed in 3.1.4, however re-introduced in 3.2.0.

Proof of Concept

https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9

Affects Plugins

Plugin icon
elementor
Fixed in 3.4.8

References

CVE
CVE-2021-24891
URL
https://www.jbelamor.com/xss-elementor-lightox.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Joel
Submitter
Joel
Submitter website
https://www.jbelamor.com/
Verified
Yes
WPVDB ID
fbed0daa-007d-4f91-8d87-4bca7781de2d

Timeline

Publicly Published
2021-03-24 (about 3 years ago)
Added
2021-10-20 (about 2 years ago)
Last Updated
2022-04-14 (about 2 years ago)

Other

Published
Title
Published
2023-12-19
Title
iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Published
2021-06-25
Title
Paid Membership Pro < 2.5.10 - Cross-Site Scripting (XSS)
Published
2022-10-27
Title
BuddyForms < 2.7.6 - Contributor+ Stored XSS
Published
2024-04-16
Title
Navigation menu as Dropdown Widget < 1.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-04-09
Title
Kattene < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting