Elementor Website Builder – More than Just a Page Builder, CVE-2022-4953

CVE, Research URL: CVE-2022-4953
Home page URL: Security reports for Elementor Website Builder – More than Just a Page Builder
Application: Elementor Website Builder – More than Just a Page Builder
Published on: Aug 15, 2023
Research Description: The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
Affected versions: Min -, max 3.13.2.
Status: vulnerable