Exposure of Elementor
Page builders, WordPress plugins702
exposure score
960,635
sites use
0
exploited
46
critical
CVEs
1,532 resultsCVE-2024-12584MEDIUM140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post DuplicationEPSS 0.3%CVE-2024-30186MEDIUMWordPress Prime Slider plugin <= 3.13.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2022-4707MEDIUMRoyal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creationEPSS 0.3%CVE-2024-32718MEDIUMWordPress The Pack Elementor addons plugin <= 2.0.8.2 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2024-2803MEDIUMElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown WidgetEPSS 0.3%CVE-2026-2724HIGHUnlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry FieldsEPSS 0.3%CVE-2024-4458MEDIUMThemesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLsEPSS 0.3%CVE-2024-3639MEDIUMElementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts GridEPSS 0.3%CVE-2024-4980MEDIUMWPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple ParametersEPSS 0.3%CVE-2024-4459MEDIUMThemesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget TitlesEPSS 0.3%CVE-2024-11367MEDIUMSmoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2024-11852MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing AuthorizationEPSS 0.3%CVE-2025-68531HIGHWordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2024-0837MEDIUMElement Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' WidgetEPSS 0.3%CVE-2024-2327MEDIUMGlobal Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button linkEPSS 0.3%CVE-2024-13699MEDIUMQi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-3638MEDIUMElementor Addons by Livemesh <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider WidgetsEPSS 0.3%CVE-2026-1004MEDIUMEssential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2024-13217MEDIUMJeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-CanvasEPSS 0.3%CVE-2024-29911MEDIUMWordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →