CVE-2020-13865: XSS
First published: Fri Jun 05 2020(Updated: )
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elementor Elementor Page Builder | <2.9.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13865?
CVE-2020-13865 is a vulnerability in the Elementor Page Builder plugin for WordPress that allows for multiple stored XSS vulnerabilities.
How does CVE-2020-13865 affect WordPress?
CVE-2020-13865 affects the Elementor Page Builder plugin before version 2.9.9 and can be exploited by an author user creating posts with crafted links or custom attributes, resulting in stored XSS vulnerabilities.
What is the severity of CVE-2020-13865?
CVE-2020-13865 has a severity rating of medium, with a CVSS score of 5.4.
How can I fix CVE-2020-13865 in Elementor Page Builder plugin?
To fix CVE-2020-13865, you should update to version 2.9.9 or newer of the Elementor Page Builder plugin for WordPress.
Where can I find more information about CVE-2020-13865?
You can find more information about CVE-2020-13865 at the following link: [https://www.softwaresecured.com/elementor-page-builder-stored-xss/](https://www.softwaresecured.com/elementor-page-builder-stored-xss/)
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elementor
- canonical/elementor elementor page builder