Exposure of Elementor

Page builders, WordPress plugins
720 exposure score
960,635 sites use
0 exploited
47 critical
Vexday analysis

The Elementor plugin has 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-5332 | MEDIUM | Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Card Widget | EPSS 0.3%
CVE-2024-5086 | MEDIUM | Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget | EPSS 0.3%
CVE-2024-5612 | MEDIUM | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget | EPSS 0.3%
CVE-2025-47644 | MEDIUM | WordPress Integrations of Zoho CRM with Elementor form plugin <= 1.0.8 - Open Redirection Vulnerability | EPSS 0.3%
CVE-2025-0661 | MEDIUM | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure | EPSS 0.3%
CVE-2024-35688 | MEDIUM | WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-35709 | MEDIUM | WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-1457 | MEDIUM | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | EPSS 0.3%
CVE-2026-1870 | MEDIUM | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure | EPSS 0.3%
CVE-2023-0495 | MEDIUM | HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF | EPSS 0.3%
CVE-2024-12110 | MEDIUM | Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation | EPSS 0.3%
CVE-2022-4103 | MEDIUM | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation | EPSS 0.3%
CVE-2024-38705 | MEDIUM | WordPress ElementInvader Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-34575 | MEDIUM | WordPress DethemeKit For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-9694 | MEDIUM | CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.3%
CVE-2024-38710 | MEDIUM | WordPress Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-3997 | MEDIUM | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget | EPSS 0.3%
CVE-2024-44007 | HIGH | WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-52358 | MEDIUM | WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-52354 | MEDIUM | WordPress Web Stories Widgets For Elementor plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
