CVE-2022-4953
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 14, 2023
Updated: Jan 16, 2024
Summary
CVE-2022-4953 is a vulnerability affecting the Elementor Website Builder plugin for WordPress. Before version 3.5.5, the plugin failed to filter out user-controlled URLs, allowing malicious actors to inject rogue iframes into the DOM. This issue could potentially lead to the loading of malicious content and pose a significant security risk to websites using the vulnerable plugin. It is highly recommended that users update to the latest version of Elementor to mitigate this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Elementor Website Builder
Affected Vendors
- Elementor