Exposure of Elementor

Page builders, WordPress plugins
717
exposure score
960,635
sites use
0
exploited
47
critical
Vexday analysis

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1,535 results
CVE-2025-69357MEDIUMWordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-62094MEDIUMWordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-68559MEDIUMWordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-39703MEDIUMWordPress WPBITS Addons For Elementor Page Builder plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-64355MEDIUMWordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-31413MEDIUMWordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-14163MEDIUMPremium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'EPSS 0.1%CVE-2026-57620MEDIUMWordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2024-23511MEDIUMWordPress The Plus Addons for Elementor plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-42410MEDIUMWordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-69092MEDIUMWordPress Essential Addons for Elementor plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-5938MEDIUMDigital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to ImportEPSS 0.1%CVE-2025-8481MEDIUMBlog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request ForgeryEPSS 0.1%CVE-2026-25319MEDIUMWordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-12358MEDIUMShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist ManipulationEPSS 0.1%

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →