Exposure of Elementor

Page builders, WordPress plugins

702

exposure score

960,635

sites use

0

exploited

46

critical

Vexday analysis

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1,532 results

CVE-2024-3309MEDIUMQi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widgetEPSS 0.3%CVE-2024-2084MEDIUMHT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox WidgetEPSS 0.3%CVE-2024-1521MEDIUMElementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File UploadEPSS 0.3%CVE-2024-1327MEDIUMJeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image BoxEPSS 0.3%CVE-2024-1364MEDIUMElementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-2249MEDIUMLA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-2750MEDIUMExclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button WidgetEPSS 0.3%CVE-2024-2085MEDIUMHT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'EPSS 0.3%CVE-2024-2137MEDIUMAll-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing WidgetsEPSS 0.3%CVE-2024-1421MEDIUMHT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel WidgetEPSS 0.3%CVE-2024-0824MEDIUMExclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link AnythingEPSS 0.3%CVE-2024-2751MEDIUMExclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBoxEPSS 0.3%CVE-2024-13854MEDIUMEducation Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template ShortcodeEPSS 0.3%CVE-2024-10689MEDIUMXLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post DisclosureEPSS 0.3%CVE-2026-27041CRITICALWordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2025-64360HIGHWordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerabilityEPSS 0.3%CVE-2024-5382MEDIUMMaster Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or ModificationEPSS 0.3%CVE-2024-44001MEDIUMWordPress Royal Elementor Addons and Templates plugin <= 1.3.982 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-30232MEDIUMWordPress Exclusive Addons for Elementor plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-30177MEDIUMWordPress Exclusive Addons for Elementor plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%

← previouspage 40 / 77next →

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →