The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts.
Metrics
Affected Vendors & Products
References
History
Sat, 21 Dec 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:17.119Z
Updated: 2024-12-20T23:56:15.072Z
Reserved: 2023-06-06T12:37:02.385Z
Link: CVE-2020-36703
Vulnrichment
Updated: 2024-08-04T17:37:05.251Z
NVD
Status : Modified
Published: 2023-06-07T02:15:11.327
Modified: 2024-11-21T05:30:06.610
Link: CVE-2020-36703
Redhat
No data.