8 matches found
CVE-2025-3076
CVE-2025-3076 : Elementor Website Builder Pro for WordPress is affected by a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping in the button_text parameter, affecting versions up to and including 3.29.0. Exploitation requires authentication at Contributo...
CVE-2020-13865
The CVE-2020-13865 entry concerns the Elementor Page Builder WordPress plugin, affected in versions prior to 2.9.9. The root cause is multiple stored XSS vulnerabilities stemming from inadequate validation of user-controlled data, enabling an author to craft posts or attributes that trigger store...
CVE-2020-13864
Elementor Page Builder for WordPress (pre-2.9.9) is affected by a stored XSS: an author can insert a crafted payload in custom links that persists in posts. Multiple sources (NVD/NVD-derived CVE entry; OpenVAS/WPVulnDB entries) confirm the vulnerability class and variant; no exploit specifics bey...
CVE-2017-18596
CVE-2017-18596 affects the WordPress Elementor plugin, specifically versions before 1.8.0. The root cause is incorrect access control for internal functions within the plugin, enabling potential abuse by authenticated users (as indicated by related sources) and leading to unwanted actions inside ...
CVE-2020-13126
The CVE-2020-13126 entry concerns Elementor Pro for WordPress (before 2.9.4). Affected component: Elementor Pro plugin; root cause: authenticated user with Subscriber role can upload arbitrary executable files, enabling remote code execution. Note: the free Elementor plugin is unaffected. Exploit...
CVE-2018-18379
The CVE-2018-18379 entry concerns the Elementor Pro WordPress plugin before version 2.0.10, where the elementor-edit-template class in wp-admin/customize.php enables cross-site scripting due to improper validation of client-side data. The vulnerability affects Elementor Pro on WordPress and is ex...
CVE-2020-7055
Elementor 2.7.4 is vulnerable to an arbitrary file upload in the Import Templates feature, enabling code execution via a crafted ZIP archive. Root cause: the Import Templates handler accepts ZIPs that can place executable PHP files on the server. Affected product: WordPress Elementor plugin (vers...
CVE-2020-20406
The CVE-2020-20406 entry concerns Elementor Page Builder (v2.9.2 and earlier) where a Stored Cross-Site Scripting (XSS) flaw exists in the Custom Link Attributes control Affect function due to inadequate filtering of link attributes. The impact is stored XSS; details on exploit vectors or affecte...