43% of the web uses WordPress, from hobby blogs to the biggest news sites online.
Elementor is a very popular wordpress plugin that had a few vulnerabilities in the past.
– The DOM-based Reflected Cross-Site Scripting (XSS) vulnerability is in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions.
This issue leads to: CVE 2022-29455
XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account.
Fix: Update the Plugin to latest version!