Elementor Exposure

Page builders, WordPress plugins
Exposure score: 702
Sites using it: 960,635
Under active exploitation: 0
Critical: 46

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern for page-building components with an extensive input surface. Although the active-exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1532 results
CVE-2024-4262 [MEDIUM] Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes (EPSS 0.3%)
CVE-2026-1210 [MEDIUM] Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field (EPSS 0.3%)
CVE-2024-5344 [MEDIUM] The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget (EPSS 0.3%)
CVE-2024-13113 [MEDIUM] Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS (EPSS 0.3%)
CVE-2025-26983 [MEDIUM] WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability (EPSS 0.3%)
CVE-2025-8401 [MEDIUM] HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure (EPSS 0.3%)
CVE-2024-10091 [MEDIUM] ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget (EPSS 0.3%)
CVE-2023-28989 [MEDIUM] WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF) (EPSS 0.3%)
CVE-2024-13855 [MEDIUM] Prime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode (EPSS 0.3%)
CVE-2025-31771 [MEDIUM] WordPress Team Members for Elementor Page Builder plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability (EPSS 0.3%)
CVE-2025-31813 [MEDIUM] WordPress WPSHARE247 Elementor Addons plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability (EPSS 0.3%)
CVE-2025-31823 [MEDIUM] WordPress WPoperation Elementor Addons plugin 1.1.9 - Cross Site Scripting (XSS) vulnerability (EPSS 0.3%)
CVE-2026-1793 [MEDIUM] Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read (EPSS 0.3%)
CVE-2025-31749 [MEDIUM] WordPress HMH Footer Builder For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability (EPSS 0.3%)
CVE-2024-5542 [HIGH] Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget (EPSS 0.3%)
CVE-2026-24390 [HIGH] WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability (EPSS 0.3%)
CVE-2024-10453 [MEDIUM] Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings (EPSS 0.3%)
CVE-2024-10308 [MEDIUM] Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget (EPSS 0.3%)
CVE-2023-51676 [MEDIUM] WordPress Happy Addons for Elementor Plugin <= 3.9.1.1 is vulnerable to Server Side Request Forgery (SSRF) (EPSS 0.3%)
CVE-2025-68494 [MEDIUM] WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability (EPSS 0.3%)
