Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elementor vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilit...
Elementor Elementor Pro
1 Github repository
9.9
CVSSv3
CVE-2020-7055
An issue exists in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an malicious user to execute code via a crafted ZIP archive.
Elementor Elementor Page Builder
5.4
CVSSv3
CVE-2020-20406
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and previous versions versions. It is caused by inadequate filtering on the link custom attributes.
Elementor Elementor Page Builder
8.8
CVSSv3
CVE-2017-18596
The elementor plugin prior to 1.8.0 for WordPress has incorrect access control for internal functions.
Elementor Elementor Page Builder
6.1
CVSSv3
CVE-2018-18379
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin prior to 2.0.10 for WordPress has XSS.
Elementor Elementor Page Builder
9.9
CVSSv3
CVE-2020-13126
An issue exists in the Elementor Pro plugin prior to 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor...
Elementor Elementor Page Builder
5.4
CVSSv3
CVE-2020-13865
The Elementor Page Builder plugin prior to 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
Elementor Elementor Page Builder
5.4
CVSSv3
CVE-2020-13864
The Elementor Page Builder plugin prior to 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
Elementor Elementor Page Builder
6.1
CVSSv3
CVE-2022-4710
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_f...
Royal-elementor-addons Royal Elementor Addons
4.3
CVSSv3
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »