Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23683
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions.
White Label Branding For Elementor Page Builder Project White Label Branding For Elementor Page Builder
NA
CVE-2022-4953
The Elementor Website Builder WordPress plugin prior to 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24201
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24202
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or a...
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24204
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contribut...
Elementor Website Builder
3.5
CVSSv2
CVE-2020-8426
The Elementor plugin prior to 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
Elementor Website Builder
3.5
CVSSv2
CVE-2020-15020
An issue exists in the Elementor plugin up to and including 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
Elementor Website Builder
4
CVSSv2
CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
Elementor Website Builder
NA
CVE-2023-0329
The Elementor Website Builder WordPress plugin prior to 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
Elementor Website Builder
3.5
CVSSv2
CVE-2021-24203
In the Elementor Website Builder WordPress plugin prior to 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or abo...
Elementor Website Builder
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »