Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor elementor pro vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin up to and including 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated ...
Elementor Elementor Pro
7.5
CVSSv2
CVE-2021-24949
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin prior to 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection
Posimyth The Plus Addons For Elementor
6.5
CVSSv2
CVE-2020-13126
An issue exists in the Elementor Pro plugin prior to 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor...
Elementor Elementor Page Builder
5
CVSSv2
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin prior to 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts
Posimyth The Plus Addons For Elementor
4.3
CVSSv2
CVE-2018-18379
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin prior to 2.0.10 for WordPress has XSS.
Elementor Elementor Page Builder
3.5
CVSSv2
CVE-2021-24292
The Happy Addons for Elementor WordPress plugin prior to 2.24.0, Happy Addons Pro for Elementor WordPress plugin prior to 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar meth...
Wedevs Happy Addons For Elementor
NA
CVE-2024-3668
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for...
NA
CVE-2024-5612
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanit...
NA
CVE-2024-5086
The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 d...
NA
CVE-2023-47178
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a up to and including 5.2.8...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »