Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilit...
Elementor Elementor Pro
1 Github repository
4.3
CVSSv2
CVE-2018-18379
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin prior to 2.0.10 for WordPress has XSS.
Elementor Elementor Page Builder
6.5
CVSSv2
CVE-2017-18596
The elementor plugin prior to 1.8.0 for WordPress has incorrect access control for internal functions.
Elementor Elementor Page Builder
6.5
CVSSv2
CVE-2020-13126
An issue exists in the Elementor Pro plugin prior to 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor...
Elementor Elementor Page Builder
3.5
CVSSv2
CVE-2020-13864
The Elementor Page Builder plugin prior to 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
Elementor Elementor Page Builder
3.5
CVSSv2
CVE-2020-13865
The Elementor Page Builder plugin prior to 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
Elementor Elementor Page Builder
9
CVSSv2
CVE-2020-7055
An issue exists in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an malicious user to execute code via a crafted ZIP archive.
Elementor Elementor Page Builder
3.5
CVSSv2
CVE-2020-20406
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and previous versions versions. It is caused by inadequate filtering on the link custom attributes.
Elementor Elementor Page Builder
NA
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin prior to 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Royal-elementor-addons Royal Elementor Addons
12 Github repositories
NA
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated...
Royal-elementor-addons Royal Elementor Addons
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »