Vulnerabilidades en elemntor
22 resultadosCVE-2022-1329HIGHElementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code ExecutionEPSS 92.9%CVE-2026-7567CRITICALTemporary Login <= 1.0.0 - Authentication Bypass to Account TakeoverEPSS 9.2%CVE-2026-2413HIGHAlly – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL PathEPSS 2.3%CVE-2024-10788HIGHActivity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event ContextEPSS 0.8%CVE-2020-36703MEDIUMElementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site ScriptingEPSS 0.5%CVE-2025-8081MEDIUMElementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image ImportEPSS 0.5%CVE-2024-0506MEDIUMElementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_altEPSS 0.5%CVE-2024-2117MEDIUMElementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path WidgetEPSS 0.5%CVE-2024-4619MEDIUMElementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site ScriptingEPSS 0.4%CVE-2024-6757MEDIUMElementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt FunctionEPSS 0.4%CVE-2024-5416MEDIUMElementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple WidgetsEPSS 0.4%CVE-2024-8236MEDIUMElementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2025-1319HIGHSite Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.4%CVE-2025-14732MEDIUMElementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST APIEPSS 0.3%CVE-2024-10453MEDIUMElementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography SettingsEPSS 0.3%CVE-2024-13445MEDIUMElementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-1206MEDIUMElementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor TemplateEPSS 0.3%CVE-2026-6127MEDIUMElementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST APIEPSS 0.2%CVE-2025-4566MEDIUMElementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path WidgetEPSS 0.2%CVE-2025-11220MEDIUMElementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text PathEPSS 0.2%