Exposure of Elementor
Page builders, WordPress plugins696
exposure score
960,635
sites use
0
exploited
46
critical
CVEs
1,530 resultsCVE-2023-6632MEDIUMHappy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site ScriptingEPSS 0.5%CVE-2024-50453HIGHWordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2026-9018HIGHEasy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' ParameterEPSS 0.5%CVE-2023-31231CRITICALWordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File UploadEPSS 0.5%CVE-2024-51665MEDIUMWordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.5%CVE-2022-23179MEDIUMContact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site ScriptingEPSS 0.5%CVE-2023-50884MEDIUMWordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-50442MEDIUMWordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerabilityEPSS 0.5%CVE-2024-1498MEDIUMHappy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack WidgetEPSS 0.5%CVE-2022-4765MEDIUMPortfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via ShortcodeEPSS 0.5%CVE-2024-0835MEDIUMRoyal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient UpdateEPSS 0.5%CVE-2024-2043MEDIUMEleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information ExposureEPSS 0.5%CVE-2024-0834MEDIUMThe Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up EPSS 0.5%CVE-2024-3199MEDIUMThe Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown WidgetEPSS 0.5%CVE-2024-3819MEDIUMJeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - BannerEPSS 0.5%CVE-2024-37090HIGHSQL Injection vulnerability in multiple StylemixThemes premium themesEPSS 0.5%CVE-2022-23180MEDIUMContact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings UpdateEPSS 0.5%CVE-2024-23523MEDIUMWordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerabilityEPSS 0.5%CVE-2025-24569HIGHWordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.5 - Arbitrary File Read vulnerabilityEPSS 0.5%CVE-2024-37092HIGHWordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerabilityEPSS 0.5%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →