Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
elementor vulnerabilities and exploits
(subscribe to this query)
6.1
CVE-2023-41236
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions....
Wedevs Happy Addons For Elementor
4.3
CVE-2023-0689
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain...
Wpmet Metform Elementor Contact Form Builder
6.1
CVE-2023-32241
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions....
Wpdeveloper Essential Addons For Elementor
6.1
CVE-2022-4953
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs....
Elementor Website Builder
5.3
CVE-2023-3779
The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for...
Wpdeveloper Essential Addons For Elementor
8.8
CVE-2022-47169
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions....
Staxwp Visibility Logic For Elementor
5.3
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for...
Royal-elementor-addons Royal Elementor Addons
8.8
CVE-2022-47172
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions....
Hasthemes Woolentor - Woocommerce Elementor Addons \\+ Builder
4.3
CVE-2023-2517
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated...
Wpmet Metform Elementor Contact Form Builder
8.8
CVE-2023-28989
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions....
Wedevs Happy Addons For Elementor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
insecure direct object reference
CVE-2023-30736
CVE-2023-39647
CVE-2023-42793
inject
CVE-2023-20101
CVE-2023-4497
XXE
CVE-2023-5217
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »