Elementor is a WordPress page builder plugin that allows you to easily create and customize beautiful websites using a drag-and-drop interface. With Elementor, you can create any type of design, including complex designs, without writing any code. The plugin offers a wide range of customization tools, including multiple columns, backgrounds, typography and more. It also offers widgets for embedding images, videos and other media into your website. Elementor also allows you to connect your website to third-party services such as e-commerce platforms and more. It is a powerful tool for creating highly customized and stylish websites with minimal effort. Elementor is a great solution for beginners and experienced WordPress users alike, since it allows them to quickly edit their websites without requiring any coding knowledge. It is also very user-friendly and intuitive, making it easy to create stunning designs.

Vulnerability

A cross-site scripting (XSS) vulnerability in the WordPress Elementor Website Builder plugin could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into your website. These scripts are executed when guests visit your site. This vulnerability has been fixed in version 3.5.6.

WordPress Vulnerability – XSS (Cross-Site Scripting)

NIST: NVD

Base Score: 6.1 MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Location

https://<your-site>/wp-content/plugins/elementor/assets/js/frontend.min.js

Vulnerable versions: <= 3.5.5

Solution:

Update the WordPress Elementor plugin to the latest available version (at least 3.5.6).
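To find installs that still need this update, the following added example (not code from Elementor or from this advisory) audits one or more WordPress roots against the 3.5.6 fix version stated above. It assumes the plugin's main file is `elementor.php` with a standard WordPress `Version:` header; the function names and the demo sites are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 5, 6)  # first fixed release according to the advisory above
# WordPress plugins declare their version in a header comment of the main file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)

def parse_version(text):
    """Turn '3.5.5' or '3.10' into a comparable 3-tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    return tuple((parts + [0, 0, 0])[:3])  # unparsable -> (0, 0, 0), flagged

def installed_version(plugin_dir):
    """Read the Version header from elementor.php (assumed main plugin file)."""
    main = Path(plugin_dir) / "elementor.php"
    if not main.is_file():
        return None
    m = HEADER_RE.search(main.read_text(encoding="utf-8", errors="replace")[:8192])
    return m.group(1) if m else None

def audit(wp_roots):
    """Return [(root, version, status)] for each WordPress root given."""
    results = []
    for root in wp_roots:
        ver = installed_version(Path(root) / "wp-content" / "plugins" / "elementor")
        if ver is None:
            status = "not-installed"
        elif parse_version(ver) < FIXED:
            status = "VULNERABLE"
        else:
            status = "patched"
        results.append((str(root), ver, status))
    return results

def make_site(base, name, version):
    """Build a constructed plugin directory for the demo below."""
    d = Path(base) / name / "wp-content" / "plugins" / "elementor"
    d.mkdir(parents=True)
    d.joinpath("elementor.php").write_text(
        f"<?php\n/**\n * Plugin Name: Elementor\n * Version: {version}\n */\n", encoding="utf-8")
    return Path(base) / name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample sites
        sites = [make_site(tmp, "old", "3.5.5"), make_site(tmp, "new", "3.5.6")]
        for root, ver, status in audit(sites):
            print(f"{status:14} {ver}  {root}")
```

On a real host, pass the actual WordPress document roots to `audit()` instead of the constructed demo sites.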

We Tried It On Ourselves

Yes, we attempted the Proof of Concept (PoC) on our website and on older versions to verify full successful exploitation so you don’t have to! 😎

No worries! We saved you the trouble.

😉