CVE-2020-36171: XSS
First published: Wed Jan 06 2021(Updated: )
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elementor Website Builder WordPress | <3.0.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Elementor Website Builder plugin issue?
The vulnerability ID for this Elementor Website Builder plugin issue is CVE-2020-36171.
What is the severity level of CVE-2020-36171?
CVE-2020-36171 has a severity level of medium.
What is the affected software for CVE-2020-36171?
The affected software for CVE-2020-36171 is Elementor Website Builder plugin for WordPress versions up to 3.0.14.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-36171?
The Common Weakness Enumeration (CWE) ID for CVE-2020-36171 is CWE-79.
How can I fix CVE-2020-36171?
To fix CVE-2020-36171, update the Elementor Website Builder plugin to version 3.0.14 or later.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elementor
- canonical/elementor website builder wordpress