Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor elementor page builder vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2020-13126
An issue exists in the Elementor Pro plugin prior to 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor...
Elementor Elementor Page Builder
9.9
CVSSv3
CVE-2020-7055
An issue exists in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an malicious user to execute code via a crafted ZIP archive.
Elementor Elementor Page Builder
9.8
CVSSv3
CVE-2021-24175
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as creat...
Posimyth The Plus Addons For Elementor
9.8
CVSSv3
CVE-2020-7109
The Elementor Page Builder plugin prior to 2.8.4 for WordPress does not sanitize data during creation of a new template.
Elementor Website Builder
8.8
CVSSv3
CVE-2022-4950
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Coolplugins The Events Calendar Countdown Addon
Coolplugins Events-notification-bar-addon
Coolplugins Cool Timeline
Coolplugins Events Shortcodes For The Events Calendar
Coolplugins Event Single Page Builder For The Event Calendar
Coolplugins Events Search For The Events Calendar
Coolplugins Events Widgets For Elementor And The Events Calendar
Coolplugins Cryptocurrency Widgets For Elementor
Coolplugins Cryptocurrency Widgets
Cryptocurrency Payment \\& Donation Box Plugins Cryptocurrency Payment \\& Donation Box
8.8
CVSSv3
CVE-2022-47166
Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions.
Voidcoders Void Contact Form 7 Widget For Elementor Page Builder
8.8
CVSSv3
CVE-2021-4331
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can ch...
Posimyth The Plus Addons For Elementor
8.8
CVSSv3
CVE-2017-18596
The elementor plugin prior to 1.8.0 for WordPress has incorrect access control for internal functions.
Elementor Elementor Page Builder
6.5
CVSSv3
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for...
Posimyth The Plus Addons For Elementor
6.5
CVSSv3
CVE-2021-24158
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden fro...
Themeisle Orbit Fox
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »