.. / CVE-2022-29455

Exploit for WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (CVE-2022-29455)

Description:

WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model.

Nuclei Template

View the template here CVE-2022-29455.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-29455.yaml

References:

https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-29455
https://wordpress.org/plugins/elementor/#developers
https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
https://www.rotem-bar.com/elementor