Exposure of Elementor

Page builders, WordPress plugins
720 exposure score
960,635 sites use
0 exploited
47 critical
Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern for page-building components with an extensive input surface. Although the active-exploitation rate is below the overall average of the CISA KEV catalogue, the highest observed EPSS reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2025-66142 | MEDIUM | WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-14434 | MEDIUM | Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure | EPSS 0.2%
CVE-2025-62041 | HIGH | WordPress TheGem (Elementor) theme <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-7475 | MEDIUM | Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script | EPSS 0.2%
CVE-2024-10310 | MEDIUM | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget | EPSS 0.2%
CVE-2024-43292 | MEDIUM | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-13834 | MEDIUM | Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request | EPSS 0.2%
CVE-2024-0514 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_compare | EPSS 0.2%
CVE-2024-51629 | MEDIUM | WordPress Header Footer Composer for Elementor plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-51674 | MEDIUM | WordPress Sastra Essential Addons for Elementor plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-51571 | MEDIUM | WordPress MasterBip para Elementor plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-51575 | MEDIUM | WordPress Extender All In One For Elementor plugin <= 1.0.3 - Stored Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-8677 | MEDIUM | Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings | EPSS 0.2%
CVE-2025-32641 | CRITICAL | WordPress Anant Addons for Elementor plugin <= 1.1.8 - CSRF to Arbitrary Plugin Installation vulnerability | EPSS 0.2%
CVE-2024-37554 | MEDIUM | WordPress UltraAddons plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-37541 | MEDIUM | WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-24844 | HIGH | WordPress PowerPack Pro for Elementor plugin <= 2.10.6 - Unauthenticated Plugin Settings Reset vulnerability | EPSS 0.2%
CVE-2025-24708 | HIGH | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-47366 | MEDIUM | WordPress Elementor Addon Elements plugin <= 1.13.6 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-47357 | MEDIUM | WordPress Happy Addons for Elementor plugin <= 3.12.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
