CVE-2020-15020

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

Published: Aug 31, 2020
Updated: Jul 14, 2024
CVE: CVE-2020-15020
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
elementor / website_builder	-	2.9.13.x
Elementor Website Builder	-	2.9.14

http://hidden-one.co.in/2020/07/07/cve-2020-1020-stored-xss-on-elementor-wordpress-plugin/
https://wordpress.org/plugins/elementor/#developers

Vulnerability Database

289,782

CVE-2020-15020