Elementor Exposure

Page builders, WordPress plugins

Exposure score: 717
Sites using it: 960,635
Under exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the rate of active exploitation is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1535 results

CVE-2025-11220 (MEDIUM, EPSS 0.2%): Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path
CVE-2025-11820 (MEDIUM, EPSS 0.2%): Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets
CVE-2026-3311 (MEDIUM, EPSS 0.2%): The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar
CVE-2025-22321 (MEDIUM, EPSS 0.2%): WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22818 (MEDIUM, EPSS 0.2%): WordPress S3Player plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22333 (MEDIUM, EPSS 0.2%): WordPress Piotnet Addons For Elementor plugin <= 2.4.31 - Cross-Site Scripting vulnerability
CVE-2025-22323 (MEDIUM, EPSS 0.2%): WordPress Image Hover Effects for Elementor plugin <= 1.0.2.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-6687 (MEDIUM, EPSS 0.2%): Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode
CVE-2025-5338 (MEDIUM, EPSS 0.2%): Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets
CVE-2025-69363 (MEDIUM, EPSS 0.2%): WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability
CVE-2026-48870 (MEDIUM, EPSS 0.2%): WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability
CVE-2024-50555 (MEDIUM, EPSS 0.2%): WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability
CVE-2026-5243 (MEDIUM, EPSS 0.2%): The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget
CVE-2026-11603 (MEDIUM, EPSS 0.2%): Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter
CVE-2025-10873 (MEDIUM, EPSS 0.2%): Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending
CVE-2025-48295 (MEDIUM, EPSS 0.2%): WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-53982 (MEDIUM, EPSS 0.2%): WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-53989 (MEDIUM, EPSS 0.2%): WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-4479 (MEDIUM, EPSS 0.2%): ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
CVE-2025-1054 (MEDIUM, EPSS 0.2%): UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
