Lucene search
K
ElementorElementor Page Builder

8 matches found

CVE
CVE
added 2025/06/10 4:23 a.m.174 views

CVE-2025-3076

CVE-2025-3076 : Elementor Website Builder Pro for WordPress is affected by a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping in the button_text parameter, affecting versions up to and including 3.29.0. Exploitation requires authentication at Contributo...

6.4CVSS5.7AI score0.00169EPSS
CVE
CVE
added 2020/06/05 9:23 p.m.145 views

CVE-2020-13865

The CVE-2020-13865 entry concerns the Elementor Page Builder WordPress plugin, affected in versions prior to 2.9.9. The root cause is multiple stored XSS vulnerabilities stemming from inadequate validation of user-controlled data, enabling an author to craft posts or attributes that trigger store...

5.4CVSS5.2AI score0.00761EPSS
CVE
CVE
added 2020/06/05 9:21 p.m.136 views

CVE-2020-13864

Elementor Page Builder for WordPress (pre-2.9.9) is affected by a stored XSS: an author can insert a crafted payload in custom links that persists in posts. Multiple sources (NVD/NVD-derived CVE entry; OpenVAS/WPVulnDB entries) confirm the vulnerability class and variant; no exploit specifics bey...

5.4CVSS5.1AI score0.00761EPSS
CVE
CVE
added 2019/09/10 10:55 a.m.109 views

CVE-2017-18596

CVE-2017-18596 affects the WordPress Elementor plugin, specifically versions before 1.8.0. The root cause is incorrect access control for internal functions within the plugin, enabling potential abuse by authenticated users (as indicated by related sources) and leading to unwanted actions inside ...

8.8CVSS8.7AI score0.01381EPSS
CVE
CVE
added 2020/05/17 12:38 a.m.106 views

CVE-2020-13126

The CVE-2020-13126 entry concerns Elementor Pro for WordPress (before 2.9.4). Affected component: Elementor Pro plugin; root cause: authenticated user with Subscriber role can upload arbitrary executable files, enabling remote code execution. Note: the free Elementor plugin is unaffected. Exploit...

9.9CVSS7.2AI score0.08565EPSS
Web
CVE
CVE
added 2019/10/07 11:28 a.m.105 views

CVE-2018-18379

The CVE-2018-18379 entry concerns the Elementor Pro WordPress plugin before version 2.0.10, where the elementor-edit-template class in wp-admin/customize.php enables cross-site scripting due to improper validation of client-side data. The vulnerability affects Elementor Pro on WordPress and is ex...

6.1CVSS6.3AI score0.01303EPSS
CVE
CVE
added 2020/04/22 5:2 p.m.76 views

CVE-2020-7055

Elementor 2.7.4 is vulnerable to an arbitrary file upload in the Import Templates feature, enabling code execution via a crafted ZIP archive. Root cause: the Import Templates handler accepts ZIPs that can place executable PHP files on the server. Affected product: WordPress Elementor plugin (vers...

9.9CVSS9.3AI score0.03072EPSS
CVE
CVE
added 2020/09/16 7:59 p.m.58 views

CVE-2020-20406

The CVE-2020-20406 entry concerns Elementor Page Builder (v2.9.2 and earlier) where a Stored Cross-Site Scripting (XSS) flaw exists in the Custom Link Attributes control Affect function due to inadequate filtering of link attributes. The impact is stored XSS; details on exploit vectors or affecte...

5.4CVSS5.2AI score0.00696EPSS