Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
Exploited: 0
Critical: 47
Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2025-22811 | MEDIUM | WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-4566 | MEDIUM | Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget | EPSS 0.2%
CVE-2026-6127 | MEDIUM | Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API | EPSS 0.2%
CVE-2025-9204 | MEDIUM | X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field | EPSS 0.2%
CVE-2024-0516 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta | EPSS 0.2%
CVE-2025-58816 | LOW | WordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control Vulnerability | EPSS 0.2%
CVE-2025-8214 | MEDIUM | The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget | EPSS 0.2%
CVE-2025-8608 | MEDIUM | Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins | EPSS 0.2%
CVE-2024-0512 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_wishlist | EPSS 0.2%
CVE-2026-45214 | HIGH | WordPress Xpro Elementor Addons plugin <= 1.5.1 - SQL Injection vulnerability | EPSS 0.2%
CVE-2025-8722 | MEDIUM | Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets | EPSS 0.2%
CVE-2025-0393 | MEDIUM | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | EPSS 0.2%
CVE-2024-56221 | MEDIUM | WordPress WPMozo Addons Lite for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-39361 | MEDIUM | WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-37229 | MEDIUM | WordPress Blogmentor – Blog Layouts for Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-56268 | MEDIUM | WordPress Post Grid Elementor Addon plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-8208 | MEDIUM | Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | EPSS 0.2%
CVE-2025-8200 | MEDIUM | Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget | EPSS 0.2%
CVE-2025-8451 | MEDIUM | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' | EPSS 0.2%
CVE-2025-31567 | MEDIUM | WordPress Themesflat Addons For Elementor plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
