Elementor: >> Website Builder >> 3.5.0 Security Vulnerabilities
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
CVSS Score
7.2
EPSS Score
0.081
Published
2023-05-30
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
CVSS Score
4.7
EPSS Score
0.58
Published
2022-06-13
Page 3