Elementor is a WordPress page builder plugin that allows you to easily create and customize beautiful websites using a drag-and-drop interface. With Elementor, you can create any type of design including complex designs without writing any code. The plugin offers a wide range of customization tools including multiple columns, backgrounds, typography and more. It also offers widgets for embedding images, videos and other media into your website. Elementor also allows you to connect your website to third party services such as e-commerce platforms and more. It is a powerful tool for creating highly customized and stylish websites with minimal effort. Elementor is a great solution for beginners and experienced WordPress users alike since it allows them to quickly edit their websites without requiring any coding knowledge. It is also very user-friendly and intuitive, making it easy to create stunning designs. 


A Cross Site Scripting (XSS) vulnerability in WordPress Elementor Website Builder Plugin could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.5.6. 

WordPress Vulnerability – XSS ( Cross-Site Scripting )


Base Score:  6.1 MEDIUM

Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N


Vulnerability Location

https://add your target here/wp-content/plugins/elementor/assets/js/frontend.min.js

Vulnerable Version <= 3.5.5 versions


Update the WordPress Elementor plugin to the latest available version (at least 3.5.6) or latest.

We Tried It On Ourselves

Yes, we attempted the Proof of Concept (PoC) on our website and on older versions to verify full successful exploitation so you don’t have to! 😎

No worries! We saved you the trouble.