Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Exploited: 0
Critical: 47
Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-13445 | MEDIUM | Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-9867 | MEDIUM | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget | EPSS 0.3%
CVE-2024-3134 | MEDIUM | Master Addons for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-3066 | MEDIUM | Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags | EPSS 0.3%
CVE-2024-3190 | MEDIUM | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field | EPSS 0.3%
CVE-2024-10536 | MEDIUM | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export | EPSS 0.3%
CVE-2025-39590 | MEDIUM | WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.3%
CVE-2024-50433 | MEDIUM | WordPress Sky Addons for Elementor plugin <= 2.5.15 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-34562 | MEDIUM | WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-44026 | MEDIUM | WordPress Charity Addon for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-47396 | MEDIUM | WordPress Move Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2026-11614 | MEDIUM | Xpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple Widgets | EPSS 0.3%
CVE-2025-14635 | MEDIUM | Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | EPSS 0.3%
CVE-2025-0433 | MEDIUM | Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | EPSS 0.3%
CVE-2024-9868 | MEDIUM | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | EPSS 0.3%
CVE-2024-9888 | MEDIUM | ElementInvader Addons for Elementor <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-34563 | MEDIUM | WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2026-6504 | MEDIUM | Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter | EPSS 0.3%
CVE-2025-22312 | MEDIUM | WordPress Thim Elementor Kit plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-49702 | MEDIUM | WordPress myCred Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
