Elementor Exposure

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
In exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, a value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, combined with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1535 results
CVE-2025-57995 | MEDIUM | WordPress DethemeKit For Elementor Plugin <= 2.1.10 - Broken Access Control Vulnerability | EPSS 0.2%
CVE-2026-24956 | CRITICAL | WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerability | EPSS 0.2%
CVE-2026-28135 | HIGH | WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability | EPSS 0.2%
CVE-2024-49319 | MEDIUM | WordPress Awesome Contact Form7 for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-49262 | MEDIUM | WordPress Country Flags for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-53749 | MEDIUM | WordPress Post Carousel Slider for Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-53746 | MEDIUM | WordPress Elementor Button Plus plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-53744 | MEDIUM | WordPress Elementor Image Gallery plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-53743 | MEDIUM | WordPress Countdown Timer for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-3063 | MEDIUM | WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.2%
CVE-2025-24584 | MEDIUM | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-3831 | MEDIUM | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | EPSS 0.2%
CVE-2023-6788 | MEDIUM | Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery | EPSS 0.2%
CVE-2026-23543 | MEDIUM | WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2024-13547 | MEDIUM | aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.2%
CVE-2024-13644 | MEDIUM | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget | EPSS 0.2%
CVE-2025-8666 | MEDIUM | Testimonial Carousel For Elementor <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.2%
CVE-2023-51407 | MEDIUM | WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.2%
CVE-2025-7440 | MEDIUM | Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link | EPSS 0.2%
CVE-2025-26772 | MEDIUM | WordPress DethemeKit For Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
