CVE-2020-36703

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts.

We have discovered 78,614 live websites that are affected by CVE-2020-36703.

Test my site



Affected Software

Product  Elementor
Category Landing Page Builders
Vulnerable Domains78,614 live websites (3.01% of Elementor install base)
Vulnerable Versions
  • from 0 through 2.9.7
Vulnerable Versions Count241 versions ( 51.72% of all versions)



Details

  • Published - Jun 7, 2023
  • Updated - Dec 20, 2024

Credits

  • Jerome Bruandet (finder)

CVE-2020-36703 usage by Country

United States22,273 websites


Germany8,239 websites
France5,241 websites
Russia3,942 websites
Brazil2,827 websites
Poland2,807 websites
GB2,372 websites
Japan2,369 websites
Spain1,981 websites
Italy1,731 websites

CVE-2020-36703 usage by TLD

.com29,490 websites
.com.br4,032 websites
.de3,678 websites
.ru3,196 websites
.org2,509 websites
.pl2,282 websites
.fr2,019 websites
.co.uk1,687 websites
.nl1,566 websites
.it1,456 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2020-36703

Top websites that are affected by CVE-2020-36703. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
***********.com United States*,***
*********.com United States**,***
*****.org United States**,***
*************.com United States**,***
************.com United States**,***
***********.com United States**,***
**********.com United States**,***
****.me United States**,***
*****.com United States**,***
**************.info Israel**,***
See full domain list

FAQ

A total of 78,614 websites have been identified as vulnerable to CVE-2020-36703, discovered through global website indexing conducted by WebTechSurvey.
Elementor is susceptible to CVE-2020-36703 vulnerability.
Elementor versions before, and including, 2.9.7 are vulnerable to CVE-2020-36703.