CVE-2022-4953

Summary

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

Affected Software

VendorProductVersion RangeStatus
UnknownElementor Website Builder0 < 3.5.5affected

Weaknesses

  • CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

References