Vulnerabilities > CVE-2022-4953 - Unspecified vulnerability in Elementor Website Builder

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
elementor
NVD
Published: 2023-08-14
Updated: 2024-01-16

Summary

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

Vulnerable Configurations

Part Description Count
Application
Elementor
359

References