PatchSiren

Header Footer Builder for Elementor CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review Header Footer Builder for Elementor CVE published 2026-07-16

CVE-2026-12869

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 has a security vulnerability that allows Contributors to import templates containing malicious JavaScript code. This code can be executed site-wide, affecting any visitor or administrator who loads the site. The vulnerability exists because the plugin's dashboard template-import action does not require administrative capability, only ed [truncated]