Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor elementor page builder vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-24206
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor o...
Elementor Website Builder
NA
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated mali...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2023-0708
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level ...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2023-0709
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level p...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2023-0710
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated a...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2022-4950
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
Coolplugins The Events Calendar Countdown Addon
Coolplugins Events-notification-bar-addon
Coolplugins Cool Timeline
Coolplugins Events Shortcodes For The Events Calendar
Coolplugins Event Single Page Builder For The Event Calendar
Coolplugins Events Search For The Events Calendar
Coolplugins Events Widgets For Elementor And The Events Calendar
Coolplugins Cryptocurrency Widgets For Elementor
Coolplugins Cryptocurrency Widgets
Cryptocurrency Payment \\& Donation Box Plugins Cryptocurrency Payment \\& Donation Box
5.8
CVSSv2
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Posimyth The Plus Addons For Elementor
4.3
CVSSv2
CVE-2021-24351
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
Posimyth The Plus Addons For Elementor
7.5
CVSSv2
CVE-2021-24175
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as creat...
Posimyth The Plus Addons For Elementor
NA
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for...
Posimyth The Plus Addons For Elementor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »