Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor elementor pro vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilit...
Elementor Elementor Pro
1 Github repository
6.1
CVSSv3
CVE-2018-18379
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin prior to 2.0.10 for WordPress has XSS.
Elementor Elementor Page Builder
9.9
CVSSv3
CVE-2020-13126
An issue exists in the Elementor Pro plugin prior to 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor...
Elementor Elementor Page Builder
8.8
CVSSv3
CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin up to and including 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated ...
Elementor Elementor Pro
5.3
CVSSv3
CVE-2023-0443
The AnyWhere Elementor WordPress plugin prior to 1.2.8 discloses a Freemius Secret Key which could be used by an malicious user to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.
Wpvibes Anywhere Elementor
6.1
CVSSv3
CVE-2023-32241
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.
Wpdeveloper Essential Addons For Elementor
6.1
CVSSv3
CVE-2023-41236
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions.
Wedevs Happy Addons For Elementor
6.1
CVSSv3
CVE-2023-34012
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions.
Leap13 Premium Addons For Elementor
8.8
CVSSv3
CVE-2023-32245
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a up to and including 5.4.8.
Wpdeveloper Essential Addons For Elementor
6.1
CVSSv3
CVE-2023-6632
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This make...
Wedevs Happy Addons For Elementor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »