Elementor Exposure

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
In exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1535 results

CVE-2025-8564 | MEDIUM | SKT Addons for Elementor <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.2%
CVE-2025-8388 | MEDIUM | PowerPack Lite for Elementor <= 2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Via 'cursor_url' | EPSS 0.2%
CVE-2025-8215 | MEDIUM | Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.2%
CVE-2025-1512 | MEDIUM | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.2%
CVE-2025-8150 | MEDIUM | Events Addon for Elementor <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets | EPSS 0.2%
CVE-2025-8149 | MEDIUM | aThemes Addons for Elementor Lite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | EPSS 0.2%
CVE-2025-7845 | MEDIUM | Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets | EPSS 0.2%
CVE-2025-2330 | MEDIUM | All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget | EPSS 0.2%
CVE-2025-54037 | MEDIUM | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability | EPSS 0.2%
CVE-2025-46472 | MEDIUM | WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
CVE-2025-46260 | MEDIUM | WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-14149 | MEDIUM | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link | EPSS 0.2%
CVE-2026-9281 | MEDIUM | Master Addons For Elementor <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'jtlma_custom_js' Page Setting (Custom JS Extension) | EPSS 0.2%
CVE-2026-25440 | MEDIUM | WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2022-47175 | MEDIUM | WordPress Royal Elementor Addons Plugin <= 1.3.75 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.2%
CVE-2022-47169 | MEDIUM | WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.2%
CVE-2024-22136 | MEDIUM | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.2%
CVE-2025-4774 | MEDIUM | Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | EPSS 0.2%
CVE-2024-6628 | MEDIUM | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery | EPSS 0.2%
CVE-2024-13642 | MEDIUM | Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget | EPSS 0.2%
