Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4953

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

Published

2023-08-14T20:15:10.193

Last Modified

2024-11-21T07:36:19.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elementor	website_builder	< 3.5.5	Yes

References

https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e Patch ([email protected])
https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7 Exploit, Third Party Advisory ([email protected])
https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e Patch (af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)