Input validation vulnerability in Elementor Website Builder – More than Just a Page Builder 3.5.4

The Elementor plugin for WordPress is vulnerable to a security risk called Reflected Cross-Site Scripting. This vulnerability exists in versions up to, and including, 3.5.4. It is caused by the plugin not properly filtering and protecting user input. Unauthenticated attackers could exploit this vulnerability by creating links that, when clicked, inject malicious code such as iframes into pages.

Detected in:

Elementor Website Builder – More than Just a Page Builder fixed vulnerable versions: >= * <= 3.5.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Is this information incorrect? Please leave us a message.