Elementor Page Builder@* Security Vulnerabilities and Issues — Elementor Page Builder@* CVE List

Lucene search

ElementorElementor Page Builder*

6 matches found

CVE•added 2020/06/05 10:15 p.m.•131 views

CVE-2020-13865

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.

5.4CVSS5.2AI score0.00128EPSS

CVE•added 2020/06/05 10:15 p.m.•122 views

CVE-2020-13864

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.

5.4CVSS5.1AI score0.00128EPSS

CVE•added 2019/09/10 11:15 a.m.•93 views

CVE-2017-18596

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.

8.8CVSS8.7AI score0.00581EPSS

CVE•added 2019/10/07 12:15 p.m.•89 views

CVE-2018-18379

The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.

6.1CVSS6.3AI score0.00611EPSS

CVE•added 2020/05/17 1:15 a.m.•81 views

CVE-2020-13126

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is un...

9.9CVSS7.2AI score0.08487EPSS

Web

CVE•added 2025/06/10 5:15 a.m.•59 views

CVE-2025-3076

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contr...

6.4CVSS5.7AI score0.00039EPSS