Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor elementor page builder vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-24201
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
312
VMScore
CVE-2021-24204
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contribut...
Elementor Website Builder
312
VMScore
CVE-2021-24205
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or ...
Elementor Website Builder
NA
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated mali...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2023-0708
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level ...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2023-0709
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level p...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2023-0710
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated a...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2022-4950
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Coolplugins The Events Calendar Countdown Addon
Coolplugins Events-notification-bar-addon
Coolplugins Cool Timeline
Coolplugins Events Shortcodes For The Events Calendar
Coolplugins Event Single Page Builder For The Event Calendar
Coolplugins Events Search For The Events Calendar
Coolplugins Events Widgets For Elementor And The Events Calendar
Coolplugins Cryptocurrency Widgets For Elementor
Coolplugins Cryptocurrency Widgets
Cryptocurrency Payment & Donation Box Plugins Cryptocurrency Payment & Donation Box
516
VMScore
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Posimyth The Plus Addons For Elementor
383
VMScore
CVE-2021-24351
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
Posimyth The Plus Addons For Elementor
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »