Exposure of Elementor
Page builders, WordPress plugins702
exposure score
960,635
sites use
0
exploited
46
critical
CVEs
1,532 resultsCVE-2024-54314MEDIUMWordPress Primary Addon for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-54316MEDIUMWordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-54315MEDIUMWordPress Events Addon for Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-4333MEDIUMSina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site ScriptingEPSS 0.4%CVE-2024-9530MEDIUMQi Addons For Elementor <= 1.8.0 - Sensitive Information ExposureEPSS 0.4%CVE-2024-6757MEDIUMElementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt FunctionEPSS 0.4%CVE-2024-9540MEDIUMSina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor TemplateEPSS 0.4%CVE-2023-0710MEDIUMMetform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcodeEPSS 0.4%CVE-2023-31080HIGHWordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-53339HIGHWordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion VulnerabilityEPSS 0.4%CVE-2026-4655MEDIUMElement Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image WidgetEPSS 0.4%CVE-2024-32515MEDIUMWordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2021-4445MEDIUMPremium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option UpdateEPSS 0.4%CVE-2024-37269MEDIUMWordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-23693CRITICALElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST EndpointEPSS 0.4%CVE-2024-51812MEDIUMWordPress Pro Addons For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2026-49109CRITICALWordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2026-49765CRITICALWordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerabilityEPSS 0.4%CVE-2024-11829MEDIUMThe Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2023-47779MEDIUMWordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open RedirectionEPSS 0.4%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →