CVE-2026-12869
Header Footer Builder for Elementor < 1.2.1 - Contributor+ Stored XSS via Template Import
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site.
| Vendor | unknown |
| Product | header footer builder for elementor |
| Published | Jul 16, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown header footer builder for elementor
Be the first to know when new medium vulnerabilities affecting unknown header footer builder for elementor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Header Footer Builder for Elementor
0 < 1.2.1
References
Credits
Vaibhav Narkhede WPScan