Exposición de Elementor

Page builders, WordPress plugins

720

score de exposición

960.635

sitios usan

0

en explotación

47

críticos

Análisis Vexday

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1535 resultados

CVE-2026-32372MEDIUMWordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2022-4102LOWRoyal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post DeletionEPSS 0.3%CVE-2024-49233MEDIUMWordPress MAS Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-49234MEDIUMWordPress Plexx Elementor Extension plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-1206MEDIUMElementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor TemplateEPSS 0.3%CVE-2026-24605MEDIUMWordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-53823MEDIUMWordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-54212MEDIUMWordPress Magical Addons For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-6550MEDIUMThe Pack Elementor addon <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-6048MEDIUMFlipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom AttributesEPSS 0.2%CVE-2025-3614MEDIUMElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom WidgetEPSS 0.2%CVE-2024-6171MEDIUMUnlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam BypassEPSS 0.2%CVE-2024-51662MEDIUMWordPress Black Widgets For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51588MEDIUMWordPress Super Addons for Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51597MEDIUMWordPress ThemeShark Templates & Widgets for Elementor plugin <= 1.1.7 - Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51585MEDIUMWordPress Sales Page Addon plugin <= 1.4.5 - Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-50449MEDIUMWordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-56241MEDIUMWordPress WPKoi Templates for Elementor plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51581MEDIUMWordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-22350MEDIUMWordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerabilityEPSS 0.2%

← anteriorpágina 55 / 77siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →