Exposição de Elementor

Page builders, WordPress plugins

702

score de exposição

960.635

sites usam

0

em exploração

46

críticos

Análise Vexday

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1.532 resultados

CVE-2024-33945MEDIUMWordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-53988MEDIUMWordPress JetBlocks For Elementor <= 1.3.18 - Sensitive Data Exposure VulnerabilityEPSS 0.3%CVE-2024-12599MEDIUMHT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown WidgetEPSS 0.3%CVE-2024-49676MEDIUMWordPress Custom Icons for Elementor plugin <= 0.3.3 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2024-54338MEDIUMWordPress Hello Event Widgets For Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-6495MEDIUMPremium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text WidgetEPSS 0.3%CVE-2025-9045MEDIUMEasy Elementor Addons <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-7791MEDIUM140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid WidgetEPSS 0.3%CVE-2024-6627MEDIUMHappy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View WidgetEPSS 0.3%CVE-2024-6575MEDIUMThe Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll WidgetEPSS 0.3%CVE-2024-54224MEDIUMWordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-9618MEDIUMMaster Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple WidgetsEPSS 0.3%CVE-2026-1210MEDIUMHappy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta FieldEPSS 0.3%CVE-2024-4401MEDIUMElementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation ParametersEPSS 0.3%CVE-2024-4262MEDIUMPiotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget AttributesEPSS 0.3%CVE-2024-5344MEDIUMThe Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register WidgetEPSS 0.3%CVE-2024-13113MEDIUMCountdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSSEPSS 0.3%CVE-2025-8401MEDIUMHT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information ExposureEPSS 0.3%CVE-2025-26983MEDIUMWordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10091MEDIUMElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison WidgetEPSS 0.3%

← anteriorpágina 42 / 77próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →