Elementor Exposure

Page builders, WordPress plugins
702 exposure score
960,635 sites using it
0 under active exploitation
46 critical

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943, a value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, combined with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1532 results

CVE-2024-25598 | MEDIUM | WordPress Elementor Addons by Livemesh plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-32508 | MEDIUM | WordPress DethemeKit For Elementor plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-29107 | MEDIUM | WordPress Elementor Addon Elements plugin <= 1.12.10 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-6283 | MEDIUM | DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget | EPSS 0.3%
CVE-2026-42629 | HIGH | WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability | EPSS 0.3%
CVE-2024-29108 | MEDIUM | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-29106 | MEDIUM | WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2026-25430 | MEDIUM | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-5222 | MEDIUM | Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2026-25387 | MEDIUM | WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-11601 | HIGH | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | EPSS 0.3%
CVE-2026-8901 | HIGH | Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data | EPSS 0.3%
CVE-2024-34373 | MEDIUM | WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-4489 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads | EPSS 0.3%
CVE-2024-5161 | MEDIUM | Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-5152 | MEDIUM | ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-4488 | MEDIUM | Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2023-35050 | MEDIUM | WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-32727 | MEDIUM | WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-35656 | HIGH | WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
