CyberRota Yorumu
Detaylı analiz gerekiyor.
CVE
CVE-2026-12869
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok
WordPress Java
Orijinal NVD Açıklaması
The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site.