CVE-2020-8426: XSS
First published: Tue Jan 28 2020(Updated: )
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elementor Website Builder WordPress | <2.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-8426.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Elementor Website Builder plugin version up to 2.8.5 for WordPress.
What is the severity of CVE-2020-8426?
The severity of CVE-2020-8426 is medium with a severity score of 5.4.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by targeting an authenticated user through a reflected XSS attack on the elementor-system-info page.
How can I fix CVE-2020-8426?
To fix CVE-2020-8426, update the Elementor plugin to version 2.8.5 or higher.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/elementor
- canonical/elementor website builder wordpress