Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated...
Royal-elementor-addons Royal Elementor Addons
3.1
CVSSv3
CVE-2022-4102
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4103
The Royal Elementor Addons WordPress plugin prior to 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2024-0835
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscri...
Royal-elementor-addons Royal Elementor Kit
9.8
CVSSv3
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Royal-elementor-addons Royal Elementor Addons
12 Github repositories
4.3
CVSSv3
CVE-2024-0511
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for una...
Royal-elementor-addons Royal Elementor Addons
7.5
CVSSv3
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private...
Royal-elementor-addons Royal Elementor Addons
6.5
CVSSv3
CVE-2023-0336
The OoohBoi Steroids for Elementor WordPress plugin prior to 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
Ooohboi Steroids For Elementor Project Ooohboi Steroids For Elementor
4.3
CVSSv3
CVE-2023-1169
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level malicious users...
Ooohboi Steroids For Elementor Project Ooohboi Steroids For Elementor
8.8
CVSSv3
CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin up to and including 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated ...
Elementor Elementor Pro
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »