Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
elementor vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-29455
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions....
Elementor Website Builder
7.5
CVSSv3
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of...
Wpmet Metform Elementor Contact Form Builder
8.8
CVSSv3
CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to...
Elementor Elementor Website Builder
1 Github repository available
6.1
CVSSv3
CVE-2022-0327
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a...
Jeweltheme Master Addons For Elementor
6.1
CVSSv3
CVE-2022-0683
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a...
Wpdeveloper Essential Addons For Elementor
9.8
CVSSv3
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server,...
Wpdeveloper Essential Addons For Elementor
9.8
CVSSv3
CVE-2021-24949
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection...
Posimyth The Plus Addons For Elementor
7.5
CVSSv3
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
Posimyth The Plus Addons For Elementor
6.1
CVSSv3
CVE-2021-25027
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
Ideabox Powerpack Addons For Elementor
6.1
CVSSv3
CVE-2021-24967
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads...
Themehunk Contact Form \\& Lead Form Elementor Builder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-34595
CVE-2022-23713
CVE-2022-21786
hard-coded
remote attackers
cross-site request forgery
CVE-2022-2274
CVE-2021-37839
CVE-2022-26135
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »
Vulmon