Exposure of Elementor

Page builders, WordPress plugins

Exposure score: 717
Sites using it: 960,635
Exploited: 0
Critical: 47

Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its broad adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2025-64244 | MEDIUM | WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-25416 | MEDIUM | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-22468 | MEDIUM | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-26990 | MEDIUM | WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability | EPSS 0.2%
CVE-2026-32445 | LOW | WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-5684 | MEDIUM | MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element | EPSS 0.2%
CVE-2025-30987 | MEDIUM | WordPress JetBlocks For Elementor plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-54712 | MEDIUM | WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability | EPSS 0.2%
CVE-2026-27376 | HIGH | WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-1458 | MEDIUM | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.2%
CVE-2025-66160 | MEDIUM | WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-40763 | MEDIUM | WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-27421 | MEDIUM | WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-9993 | MEDIUM | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget | EPSS 0.2%
CVE-2023-25969 | MEDIUM | WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-40720 | HIGH | WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-45437 | HIGH | WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-39597 | HIGH | WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-22518 | MEDIUM | WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-39448 | MEDIUM | WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
