Elementor Exposure

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Under exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, a value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1535 results
CVE-2025-68494 | MEDIUM | WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability | EPSS 0.3%
CVE-2025-30562 | HIGH | WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability | EPSS 0.3%
CVE-2025-24729 | MEDIUM | WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-2455 | MEDIUM | Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL | EPSS 0.3%
CVE-2024-7611 | MEDIUM | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget | EPSS 0.3%
CVE-2024-13827 | MEDIUM | Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions | EPSS 0.3%
CVE-2024-10777 | MEDIUM | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10787 | MEDIUM | LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10897 | MEDIUM | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation | EPSS 0.3%
CVE-2024-53796 | MEDIUM | WordPress Themesflat Addons For Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-5502 | MEDIUM | Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.3%
CVE-2024-6282 | MEDIUM | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element | EPSS 0.3%
CVE-2024-10779 | MEDIUM | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-8910 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id | EPSS 0.3%
CVE-2024-45454 | HIGH | WordPress Unlimited Elements for Elementor plugin <= 1.5.121 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-51870 | MEDIUM | WordPress Ultimate Flipbox Addon for Elementor plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-51893 | MEDIUM | WordPress Postify: Post Layout For Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-51894 | MEDIUM | WordPress Topbar ID for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-13153 | MEDIUM | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.3%
CVE-2024-9388 | MEDIUM | Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
