DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
References
Link | Resource |
---|---|
https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability | Third Party Advisory |
https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor | Broken Link Exploit Third Party Advisory |
https://wordpress.org/plugins/elementor/#developers | Release Notes Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-06-13 17:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-29455
Mitre link : CVE-2022-29455
CVE.ORG link : CVE-2022-29455
JSON object : View
Products Affected
elementor
- website_builder
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')