Review
Header Footer Builder for Elementor
CVE published 2026-07-16
CVE-2026-12869
The Header Footer Builder for Elementor WordPress plugin before 1.2.1 has a security vulnerability that allows Contributors to import templates containing malicious JavaScript code. This code can be executed site-wide, affecting any visitor or administrator who loads the site. The vulnerability exists because the plugin's dashboard template-import action does not require administrative capability, only ed [truncated]