๐Ÿ” CVE Alert

CVE-2026-12869

MEDIUM 6.1

Header Footer Builder for Elementor < 1.2.1 - Contributor+ Stored XSS via Template Import

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site.

Vendor unknown
Product header footer builder for elementor
Published Jul 16, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown header footer builder for elementor

Be the first to know when new medium vulnerabilities affecting unknown header footer builder for elementor are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Header Footer Builder for Elementor
0 < 1.2.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/3c6562d9-f55e-4d82-be95-60e82a6feecf/

Credits

Vaibhav Narkhede WPScan