Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor website builder vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-24201
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24202
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or a...
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24203
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24204
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contribut...
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24205
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or ...
Elementor Website Builder
5.4
CVSSv3
CVE-2021-24206
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor o...
Elementor Website Builder
6.1
CVSSv3
CVE-2021-24891
The Elementor Website Builder WordPress plugin prior to 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
Elementor Website Builder
5.4
CVSSv3
CVE-2020-8426
The Elementor plugin prior to 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
Elementor Website Builder
9.8
CVSSv3
CVE-2020-7109
The Elementor Page Builder plugin prior to 2.8.4 for WordPress does not sanitize data during creation of a new template.
Elementor Website Builder
7.2
CVSSv3
CVE-2023-0329
The Elementor Website Builder WordPress plugin prior to 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
Elementor Website Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »