Exposure of Elementor
Page builders, WordPress plugins696
exposure score
960,635
sites use
0
exploited
46
critical
CVEs
1,530 resultsCVE-2021-4332MEDIUMThe Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File ReadEPSS 0.8%CVE-2022-4704MEDIUMRoyal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template ImportEPSS 0.8%CVE-2022-0327—Master Addons for Elementor < 1.8.2 - Reflected Cross-Site ScriptingEPSS 0.8%CVE-2024-3018HIGHEssential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpasswordEPSS 0.8%CVE-2025-32672HIGHWordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion VulnerabilityEPSS 0.8%CVE-2023-31090CRITICALWordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerabilityEPSS 0.8%CVE-2024-4875MEDIUMHT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options UpdateEPSS 0.8%CVE-2022-4701MEDIUMRoyal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin ActivationEPSS 0.8%CVE-2023-31212HIGHWordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL InjectionEPSS 0.8%CVE-2024-0376MEDIUMPremium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link WidgetEPSS 0.7%CVE-2021-24205—Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box WidgetEPSS 0.7%CVE-2021-24201—Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column ElementEPSS 0.7%CVE-2021-24204—Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion WidgetEPSS 0.7%CVE-2021-24203—Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider WidgetEPSS 0.7%CVE-2021-24206—Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box WidgetEPSS 0.7%CVE-2021-24202—Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading WidgetEPSS 0.7%CVE-2026-4106MEDIUMHT Mega < 3.0.7 – Unauthenticated PII DisclosureEPSS 0.7%CVE-2024-29792HIGHWordPress Unlimited Elements for Elementor plugin <= 1.5.93 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.7%CVE-2024-12272HIGHWP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File InclusionEPSS 0.7%CVE-2023-0688MEDIUMMetform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcodeEPSS 0.7%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →