Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 717
Sites using: 960,635
Exploited: 0
Critical: 47

Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the rate of active exploitation is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles for environments that use this plugin.

CVEs

1,535 results
CVE | Severity | Title | EPSS
CVE-2025-63044 | MEDIUM | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-63042 | MEDIUM | WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2026-2284 | MEDIUM | News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss | 0.2%
CVE-2024-33632 | MEDIUM | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability | 0.2%
CVE-2025-6252 | MEDIUM | Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2%
CVE-2024-38730 | MEDIUM | WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability | 0.2%
CVE-2025-47476 | MEDIUM | WordPress Cost Calculator for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability | 0.2%
CVE-2024-52425 | MEDIUM | WordPress Drozd – Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-5092 | MEDIUM | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library | 0.2%
CVE-2025-3813 | MEDIUM | Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2%
CVE-2025-8212 | MEDIUM | Medical Addon for Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget | 0.2%
CVE-2025-69300 | MEDIUM | WordPress Premium Addons for Elementor plugin <= 4.11.63 - Settings Change vulnerability | 0.2%
CVE-2025-60167 | MEDIUM | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Sensitive Data Exposure Vulnerability | 0.2%
CVE-2025-22812 | MEDIUM | WordPress News Ticker Widget for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-12778 | MEDIUM | Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure | 0.2%
CVE-2024-0515 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare | 0.2%
CVE-2024-0513 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist | 0.2%
CVE-2025-10173 | LOW | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update | 0.2%
CVE-2025-64352 | LOW | WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability | 0.2%
CVE-2025-55712 | MEDIUM | WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 6.3.13 - Broken Access Control Vulnerability | 0.2%
