Elementor: >> Website Builder >> 3.4.6 Security Vulnerabilities
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
CVSS Score
7.2
EPSS Score
0.081
Published
2023-05-30
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
CVSS Score
4.7
EPSS Score
0.58
Published
2022-06-13
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
CVSS Score
6.1
EPSS Score
0.095
Published
2021-11-23
Page 3