Elementor Exposure

Page builders, WordPress plugins

Exposure score: 720
Sites using it: 960,635
Under active exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 cataloged CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), a pattern to be expected in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1535 results

CVE-2025-22758 | MEDIUM | WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-5944 | MEDIUM | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute | EPSS 0.3%
CVE-2023-48761 | MEDIUM | WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-3611 | MEDIUM | Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-49679 | MEDIUM | WordPress WPKoi Templates for Elementor plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-1802 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.3%
CVE-2024-13734 | MEDIUM | Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget | EPSS 0.3%
CVE-2025-13692 | HIGH | Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2024-52471 | HIGH | WordPress Extensions for Elementor plugin <= 2.0.37 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-54444 | MEDIUM | WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-2784 | MEDIUM | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card | EPSS 0.3%
CVE-2025-13977 | MEDIUM | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2025-1571 | MEDIUM | Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets | EPSS 0.3%
CVE-2026-5428 | MEDIUM | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field | EPSS 0.3%
CVE-2024-37922 | MEDIUM | WordPress Premium Addons for Elementor plugin <= 4.10.34 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-49667 | MEDIUM | WordPress Local Business Addons For Elementor plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-49665 | MEDIUM | WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-51938 | MEDIUM | WordPress Charity Addon for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-52356 | MEDIUM | WordPress The Pack Elementor addons plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-5173 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings | EPSS 0.3%
