Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor website builder vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-7109
The Elementor Page Builder plugin prior to 2.8.4 for WordPress does not sanitize data during creation of a new template.
Elementor Website Builder
8.8
CVSSv3
CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for malicious users to modify site data in addition to u...
Elementor Website Builder
3 Github repositories
7.2
CVSSv3
CVE-2023-0329
The Elementor Website Builder WordPress plugin prior to 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
Elementor Website Builder
6.5
CVSSv3
CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
Elementor Website Builder
6.4
CVSSv3
CVE-2024-4619
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and outp...
6.1
CVSSv3
CVE-2022-4953
The Elementor Website Builder WordPress plugin prior to 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
Elementor Website Builder
6.1
CVSSv3
CVE-2022-29455
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
Elementor Website Builder
7 Github repositories
6.1
CVSSv3
CVE-2021-24891
The Elementor Website Builder WordPress plugin prior to 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
Elementor Website Builder
6.1
CVSSv3
CVE-2020-36171
The Elementor Website Builder plugin prior to 3.0.14 for WordPress does not properly restrict SVG uploads.
Elementor Website Builder
5.4
CVSSv3
CVE-2023-47505
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a up to and including 3.16.4.
Elementor Website Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »