Exposición de Elementor

Page builders, WordPress plugins

720

score de exposición

960.635

sitios usan

0

en explotación

47

críticos

Análisis Vexday

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1535 resultados

CVE-2024-47364MEDIUMWordPress Move Addons for Elementor plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47357MEDIUMWordPress Happy Addons for Elementor plugin <= 3.12.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-49292MEDIUMWordPress Exclusive Addons for Elementor plugin <= 2.7.1 - Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2024-49264MEDIUMWordPress Events Addon for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47632MEDIUMWordPress DethemeKit For Elementor plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47630MEDIUMWordPress ElementInvader Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47392MEDIUMWordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47390MEDIUMWordPress Jeg Elementor Kit plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-12624MEDIUMSina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image DifferEPSS 0.2%CVE-2025-13535MEDIUMKing Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple WidgetsEPSS 0.2%CVE-2024-47383MEDIUMWordPress The Pack Elementor addons plugin 2.0.8.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2023-51529MEDIUMWordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-43342MEDIUMWordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-8118MEDIUMRoyal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File SourceEPSS 0.2%CVE-2025-1526MEDIUMDethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-56063MEDIUMWordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-50447MEDIUMWordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-35703MEDIUMWordPress Sina Extension for Elementor plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51675MEDIUMWordPress aThemes Addons for Elementor plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-56062MEDIUMWordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%

← anteriorpágina 58 / 77siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →