CVE-2022-4953

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Aug 14, 2023
Updated: Jan 16, 2024

Summary

CVE-2022-4953 is a vulnerability affecting the Elementor Website Builder plugin for WordPress. Before version 3.5.5, the plugin failed to filter out user-controlled URLs, allowing malicious actors to inject rogue iframes into the DOM. An injected iframe could load malicious content on websites using the vulnerable plugin. Users should update to the latest version of Elementor to mitigate this issue.


Affected Products

  • Elementor Website Builder

Affected Vendors

  • Elementor