CVE-2021-24891

Summary

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.

Affected Software

VendorProductVersion RangeStatus
UnknownElementor Website Builder3.4.8 < 3.4.8affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References