mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
CVE-2022-4953
Description
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
POC
Reference
- http://packetstormsecurity.com/files/174550/WordPress-Elementor-Iframe-Injection.html
- https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7
Github
No PoCs found on GitHub currently.