Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
Exploited: 0
Critical: 47

Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2025-12537 | MEDIUM | Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2% |
| CVE-2025-7646 | MEDIUM | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2% |
| CVE-2025-66156 | MEDIUM | WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66158 | MEDIUM | WordPress Gmaper for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66157 | MEDIUM | WordPress Sliper for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66159 | MEDIUM | WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability | 0.2% |
| CVE-2024-12120 | MEDIUM | Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2% |
| CVE-2025-66154 | MEDIUM | WordPress Couponer for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66155 | MEDIUM | WordPress Questionar for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability | 0.2% |
| CVE-2024-24843 | HIGH | WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF) | 0.2% |
| CVE-2024-47303 | MEDIUM | WordPress Elementor Addons by Livemesh plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability | 0.2% |
| CVE-2025-66138 | MEDIUM | WordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66137 | MEDIUM | WordPress Searcher for Elementor plugin <= 1.0.3 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66140 | MEDIUM | WordPress Uper for Elementor plugin <= 1.0.5 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66139 | MEDIUM | WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-66135 | MEDIUM | WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability | 0.2% |
| CVE-2025-58251 | MEDIUM | WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability | 0.2% |
| CVE-2026-28131 | MEDIUM | WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability | 0.2% |
| CVE-2025-8445 | MEDIUM | Countdown Timer for Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label' | 0.2% |
| CVE-2025-68981 | MEDIUM | WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability | 0.2% |
