Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor website builder vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-7109
The Elementor Page Builder plugin prior to 2.8.4 for WordPress does not sanitize data during creation of a new template.
Elementor Website Builder
6.5
CVSSv2
CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for malicious users to modify site data in addition to u...
Elementor Website Builder
3 Github repositories
4.3
CVSSv2
CVE-2022-29455
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
Elementor Website Builder
7 Github repositories
4.3
CVSSv2
CVE-2021-24891
The Elementor Website Builder WordPress plugin prior to 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
Elementor Website Builder
4.3
CVSSv2
CVE-2020-36171
The Elementor Website Builder plugin prior to 3.0.14 for WordPress does not properly restrict SVG uploads.
Elementor Website Builder
4
CVSSv2
CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24203
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24204
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contribut...
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24205
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or ...
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24206
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor o...
Elementor Website Builder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »