Lucene search
K
ElementorElementor Pro

7 matches found

CVE
CVE
added 2020/10/07 3:32 p.m.465 views

CVE-2020-26596

CVE-2020-26596 affects the Dynamic OOO widget in Elementor Pro for WordPress up to version 3.0.5. It permits remote authenticated users with the Editor role to upload executable PHP code via the PHP Raw snippet, enabling arbitrary code execution. Mitigation suggested in the description is to remo...

9CVSS8.9AI score0.05648EPSS
Web
CVE
CVE
added 2023/06/07 1:51 a.m.288 views

CVE-2023-3124

The CVE-2023-3124 entry concerns the WordPress Elementor Pro plugin. A missing capability check in the update_page_option function (versions up to and including 3.11.6) allows authenticated users with subscriber-level capabilities to modify arbitrary site options, enabling privilege escalation. A...

8.8CVSS8.3AI score0.2272EPSS
CVE
CVE
added 2024/07/22 10:2 a.m.226 views

CVE-2024-35656

CVE-2024-35656 is an input handling flaw in Elementor Pro (WordPress) that enables Reflected XSS in the Elementor Website Builder Pro up to version 3.21.2. The issue occurs during web page generation and affects Elementor Pro releases prior to the patched version. The connected documents identify...

7.1CVSS7AI score0.00331EPSS
CVE
CVE
added 2024/03/27 6:40 a.m.91 views

CVE-2024-1521

CVE-2024-1521 affects the Elementor Website Builder Pro plugin for WordPress. It enables Stored Cross-Site Scripting through an SVGZ file uploaded via the Form widget in all versions up to and including 3.20.1, due to insufficient input sanitization and output escaping. Exploitation requires auth...

6.4CVSS7.7AI score0.0032EPSS
CVE
CVE
added 2024/03/27 6:40 a.m.87 views

CVE-2024-2121

The CVE CVE-2024-2121 affects the Elementor Website Builder Pro WordPress plugin. It enables Stored Cross-Site Scripting via the Media Carousel widget in all versions up to 3.20.1, caused by insufficient input sanitization and output escaping on user-supplied attributes. Attackers with contributo...

5.4CVSS7.6AI score0.0034EPSS
CVE
CVE
added 2024/03/27 6:40 a.m.60 views

CVE-2024-1364

CVE-2024-1364 – Elementor Website Builder Pro : Stored XSS in the WordPress plugin via the widget’s custom_id in all versions up to 3.20.1. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authentication at contributor level or hig...

6.4CVSS7.6AI score0.0032EPSS
CVE
CVE
added 2024/03/27 6:40 a.m.60 views

CVE-2024-2781

The vulnerability CVE-2024-2781 affects Elementor Website Builder Pro for WordPress. It is a Stored XSS in the video_html_tag attribute, present in all versions up to and including 3.20.1, caused by insufficient input sanitization and output escaping. The impact, as stated, is that authenticated ...

6.4CVSS7.7AI score0.00323EPSS