Lucene search
K

27 matches found

CVE
CVE
added 2024/04/24 3:49 p.m.2584 views

CVE-2023-47504

CVE-2023-47504 affects Elementor Website Builder (

9.8CVSS8AI score0.01452EPSS
CVE
CVE
added 2023/05/30 7:49 a.m.1098 views

CVE-2023-0329

CVE-2023-0329 affects the Elementor Website Builder WordPress plugin prior to 3.12.2. The issue is a SQL injection caused by improper sanitization/escaping of the Replace URL parameter in the Tools module before it is used in a SQL statement. Exploitation requires privileges of an Administrator, ...

7.2CVSS7.1AI score0.19695EPSS
Web
CVE
CVE
added 2024/05/17 8:50 a.m.239 views

CVE-2024-24934

CVE-2024-24934 (Elementor Website Builder) : Affected plugin versions are Elementor Website Builder

8.5CVSS6.7AI score0.00715EPSS
CVE
CVE
added 2023/08/14 7:10 p.m.193 views

CVE-2022-4953

The CVE describes a vulnerability in the Elementor Website Builder WordPress plugin, affecting versions prior to 3.5.5, where user-controlled URLs loaded into the DOM are not properly filtered, enabling injection of rogue iframes to malicious URLs. Affected product: WordPress Elementor Website Bu...

6.1CVSS6.1AI score0.02027EPSS
Web
CVE
CVE
added 2024/04/09 6:59 p.m.183 views

CVE-2024-2117

CVE-2024-2117 affects Elementor Website Builder – More than Just a Page Builder (WordPress) via the Path Widget. All versions up to 3.20.2 are vulnerable due to insufficient output escaping on user-supplied attributes, enabling stored XSS. Exploitation requires an authenticated attacker with cont...

6.4CVSS7.6AI score0.00462EPSS
CVE
CVE
added 2024/05/21 11:2 a.m.181 views

CVE-2024-4619

CVE-2024-4619 affects Elementor Website Builder – More than Just a Page Builder for WordPress. The vulnerability is DOM-based Stored XSS in the hover_animation parameter, Web impact per sources: attacker with contributor+ permissions can inject scripts that execute when users load the affected pa...

6.4CVSS6.1AI score0.00401EPSS
CVE
CVE
added 2025/02/20 4:22 a.m.169 views

CVE-2024-13445

CVE-2024-13445 affects the WordPress plugin “Elementor Website Builder – More Than Just a Page Builder” (Elementor) and is a Stored XSS vulnerability exploitable by authenticated users with Contributor+ that targets border, margin, and gap parameters. The issue arises from insufficient input sani...

6.4CVSS5.7AI score0.00258EPSS
CVE
CVE
added 2024/09/11 11:32 a.m.168 views

CVE-2024-5416

The CVE-2024-5416 entry concerns the Elementor Website Builder – More than Just a Page Builder WordPress plugin (

5.4CVSS5.3AI score0.00372EPSS
CVE
CVE
added 2024/07/09 10:38 a.m.156 views

CVE-2024-37437

CVE-2024-37437 affects Elementor Website Builder (WordPress plugin) up to version 3.22.1. Root cause: improper restriction of pathnames leading to a Path Traversal; impact includes arbitrary SVG download and potential Cross-Site Scripting (stored XSS) as indicated by multiple sources. Mitigation:...

5.5CVSS5.9AI score0.00336EPSS
CVE
CVE
added 2025/08/12 5:27 a.m.151 views

CVE-2025-8081

Summary (CVE-2025-8081) The Elementor WordPress plugin (versions ≤ 3.30.2) is vulnerable to an arbitrary file read via the Import_Images::import() path traversal due to insufficient validation of the uploaded file reference (tmp_name). The underlying issue allowed authenticated administrators to ...

4.9CVSS6.7AI score0.00474EPSS
CVE
CVE
added 2025/01/30 1:42 p.m.148 views

CVE-2024-8494

The CVE concerns Elementor Website Builder Pro for WordPress. Affected: all versions up to and including 3.25.10. Issue: authenticated attackers with Contributor+ access can exploit the elementor-template shortcode to exfiltrate sensitive information from Private, Pending, and Draft Templates (Se...

6.5CVSS4.6AI score0.00297EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.141 views

CVE-2024-0506

Elementor Website Builder for WordPress (WordPress plugin) is vulnerable to Cross‑Site Scripting via the get_image_alt path in versions

6.4CVSS6.3AI score0.00467EPSS
CVE
CVE
added 2020/01/22 4:8 p.m.138 views

CVE-2020-7109

CVE-2020-7109 affects the Elementor Page Builder plugin for WordPress (versions prior to 2.8.4). The underlying issue is failure to sanitize data when creating a new template, which can enable Cross-Site Scripting (XSS) or related input-handling risks. Public references (NVD/Red Hat/PRION/OpenVAS...

9.8CVSS9.4AI score0.01675EPSS
CVE
CVE
added 2020/01/28 10:26 p.m.137 views

CVE-2020-8426

CVE-2020-8426 describes a reflected XSS in the WordPress Elementor Page Builder plugin (versions prior to 2.8.5) on the elementor-system-info page. The vulnerability is exploitable by an authenticated user; no public exploit details are provided in the supplied documents. Affected component is th...

5.4CVSS5.2AI score0.01288EPSS
Web
CVE
CVE
added 2024/06/11 9:17 a.m.130 views

CVE-2023-33922

CVE-2023-33922 concerns the WordPress plugin Elementor Website Builder (affected: versions

4.3CVSS4.7AI score0.00338EPSS
CVE
CVE
added 2024/10/15 2:3 a.m.125 views

CVE-2024-6757

CVE-2024-6757 : Elementor Website Builder for WordPress ( 3.23.5, with Patchstack noting fixed in 3.24.6; Wordfence/Red Hat references align on patching. Short-term mitigations include restricting access to the affected function. The vulnerability is categorized as Medium risk per available data,...

4.3CVSS4.8AI score0.0039EPSS
CVE
CVE
added 2021/11/23 7:16 p.m.120 views

CVE-2021-24891

The CVE-2021-24891 entry concerns the WordPress Elementor Website Builder plugin: versions prior to 3.4.8 contain a DOM-based XSS due to input being appended to the DOM without proper sanitization/escaping of a malicious hash. In practice, this can allow arbitrary JavaScript execution in the vict...

6.1CVSS6AI score0.24006EPSS
CVE
CVE
added 2024/05/09 8:3 p.m.105 views

CVE-2024-4107

Technical details about CVE-2024-4107 are not publicly provided in the supplied documents. Monitoring for updates is recommended.

6.4CVSS5.7AI score0.00419EPSS
CVE
CVE
added 2021/01/06 2:6 p.m.90 views

CVE-2020-36171

CVE-2020-36171 concerns the Elementor Website Builder plugin for WordPress. Affected: WordPress plugins prior to version 3.0.14 . Root cause: incomplete validation/restriction of uploaded SVG files, enabling potentially unsafe SVG uploads. Reported impact includes security concerns such as possib...

6.1CVSS6.3AI score0.00819EPSS
CVE
CVE
added 2025/07/29 4:23 a.m.74 views

CVE-2025-3075

CVE-2025-3075 affects the WordPress plugin “Elementor Website Builder – More Than Just a Page Builder” up to version 3.29.0, via a Stored Cross-Site Scripting flaw in the elementor-element shortcode caused by insufficient input sanitization and output escaping of user attributes. Exploitation req...

6.4CVSS5.5AI score0.00165EPSS
CVE
CVE
added 2024/03/27 6:40 a.m.60 views

CVE-2024-2120

The CVE-2024-2120 vulnerability affects Elementor Website Builder – More than Just a Page Builder for WordPress. It enables Stored XSS via the Post Navigation widget in all versions up to 3.20.1, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authentica...

5.4CVSS7.4AI score0.0034EPSS
CVE
CVE
added 2021/04/05 6:27 p.m.55 views

CVE-2021-24206

CVE-2021-24206 affects the Elementor Website Builder WordPress plugin prior to 3.1.4. The image box widget (image-box.php) accepts a title_size parameter that is not properly sanitized. An authenticated user with Contributor+ can submit a modified save_builder request containing JavaScript in tit...

5.4CVSS5.4AI score0.00746EPSS
Web
CVE
CVE
added 2021/04/05 6:27 p.m.51 views

CVE-2021-24203

CVE-2021-24203 describes an authenticated stored XSS in the Elementor Website Builder WordPress plugin prior to 3.1.4. The divider widget’s divider.php path accepts an html_tag parameter; an attacker with Contributor+ permissions can modify a save_builder request to set html_tag to script and inc...

5.4CVSS5.4AI score0.00746EPSS
CVE
CVE
added 2021/04/05 6:27 p.m.49 views

CVE-2021-24201

Vulnerability summary (CVE-2021-24201): In the Elementor Website Builder WordPress plugin prior to 3.1.4, the column element (includes/elements/column.php) accepts an html_tag parameter. A user with Contributor+ permissions can send a modified save_builder request containing JavaScript in html_ta...

5.4CVSS5.4AI score0.00746EPSS
Web
CVE
CVE
added 2021/04/05 6:27 p.m.49 views

CVE-2021-24204

The CVE concerns Elementor Website Builder WordPress plugin prior to 3.1.4. The accordion widget (includes/widgets/accordion.php) accepts a title_html_tag parameter, which was not properly filtered. A user with Contributor or higher permissions can craft a modified save_builder request containing...

5.4CVSS5.4AI score0.00746EPSS
Web
CVE
CVE
added 2021/04/05 6:27 p.m.49 views

CVE-2021-24205

The CVE applies to the Elementor Website Builder WordPress plugin (before 3.1.4). The icon box widget’s title_size parameter can be exploited by a user with Contributor+ permissions via a modified save_builder request, enabling stored XSS because the JavaScript is not filtered/escaped and execute...

5.4CVSS5.4AI score0.00746EPSS
Web
CVE
CVE
added 2021/04/05 6:27 p.m.43 views

CVE-2021-24202

CVE-2021-24202 affects the Elementor Website Builder WordPress plugin (before 3.1.4). The heading widget’s header_size parameter is exploitable when an authenticated user (Contributor or higher) sends a modified save_builder payload, setting header_size to script and a title containing JavaScript...

5.4CVSS5.4AI score0.00746EPSS