exploitDog

CVE-2022-4953

Опубликовано: 14 авг. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

Ссылки

https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e
Patch
https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7
Exploit
Third Party Advisory
https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e
Patch
https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*

Версия до 3.5.5 (исключая)

EPSS

Процентиль: 92%

0.07896

Низкий

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-3gvr-rm94-r528

CVSS3: 6.1

github

больше 2 лет назад

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

EPSS

Процентиль: 92%

0.07896

Низкий

6.1 Medium

CVSS3

Дефекты