Elementor Pro Security Vulnerabilities and Issues — Elementor Pro CVE List

Lucene search

ElementorElementor Pro

10 matches found

CVE•added 2020/10/07 4:15 p.m.•441 views

CVE-2020-26596

The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO wid...

9CVSS8.9AI score0.17466EPSS

CVE•added 2023/06/07 2:15 a.m.•195 views

CVE-2023-3124

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbit...

8.8CVSS8.3AI score0.41212EPSS

CVE•added 2024/03/16 5:15 a.m.•193 views

CVE-2024-23523

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2.

6.5CVSS6.7AI score0.00203EPSS

CVE•added 2024/07/22 10:15 a.m.•137 views

CVE-2024-35656

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.

7.1CVSS7AI score0.00098EPSS

CVE•added 2024/03/27 7:15 a.m.•68 views

CVE-2024-1521

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

6.4CVSS7.7AI score0.00088EPSS

CVE•added 2024/04/22 11:15 a.m.•59 views

CVE-2024-32681

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.

8.8CVSS6.8AI score0.00289EPSS

CVE•added 2024/03/27 7:15 a.m.•57 views

CVE-2024-2121

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ...

5.4CVSS7.6AI score0.00094EPSS

CVE•added 2024/03/27 7:15 a.m.•45 views

CVE-2024-1364

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at...

6.4CVSS7.6AI score0.00094EPSS

CVE•added 2024/03/27 7:15 a.m.•45 views

CVE-2024-2781

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with cont...

6.4CVSS7.7AI score0.00124EPSS

CVE•added 2024/06/19 1:15 p.m.•44 views

CVE-2023-35050

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.

6.5CVSS6.5AI score0.00125EPSS