Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 717
Sites using: 960,635
Exploited: 0
Critical: 47
Vexday analysis

The Elementor plugin has 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the rate of active exploitation is below the overall average of the CISA KEV catalogue, the highest observed EPSS reaches 0.92943, a value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, combined with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2025-63055 | MEDIUM | WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-39636 | MEDIUM | WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-24958 | MEDIUM | WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-32429 | MEDIUM | WordPress Magical Addons For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-67588 | MEDIUM | WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2024-37945 | MEDIUM | WordPress WPBITS Addons For Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-64210 | MEDIUM | WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-59592 | MEDIUM | WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
CVE-2025-55714 | MEDIUM | WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
CVE-2026-2949 | MEDIUM | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget | EPSS 0.2%
CVE-2025-6229 | MEDIUM | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` | EPSS 0.2%
CVE-2025-64274 | MEDIUM | WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-39500 | MEDIUM | WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-67951 | MEDIUM | WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2026-6565 | MEDIUM | Style Kits – Advanced Theme Styles for Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Kit Title | EPSS 0.2%
CVE-2025-8444 | MEDIUM | Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters | EPSS 0.2%
CVE-2025-7960 | MEDIUM | King Addons for Elementor <= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.2%
CVE-2025-31046 | MEDIUM | WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability | EPSS 0.2%
CVE-2025-58195 | MEDIUM | WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
CVE-2025-58208 | MEDIUM | WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
