Description
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
Affected products
- Unknown / Elementor Website Builder3.4.8 – 3.4.8
Exploits & proofs of concept
- nucleiWordPress Elementor Website Builder <3.1.4 - Cross-Site Scriptingby dhiyaneshDk