CVE-2020-15020: XSS
First published: Mon Aug 31 2020(Updated: )
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elementor Website Builder WordPress | <=2.9.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Elementor plugin issue?
The vulnerability ID for this Elementor plugin issue is CVE-2020-15020.
What is the severity level of CVE-2020-15020?
The severity level of CVE-2020-15020 is medium, with a CVSS score of 5.4.
What is the affected software?
The affected software is Elementor Website Builder for WordPress, up to version 2.9.13.
How can an attacker exploit CVE-2020-15020?
An authenticated attacker can achieve stored XSS via the Name Your Template field.
Are there any references for CVE-2020-15020?
Yes, you can find references for CVE-2020-15020 at the following URLs: [reference1] [reference2].
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elementor
- canonical/elementor website builder wordpress
- version/elementor website builder wordpress/2.9.13