Elementor Exposure

Page builders, WordPress plugins
720 exposure score
960,635 sites using it
0 under exploitation
47 critical
Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-9444 | MEDIUM | ElementsReady Addons for Elementor <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2024-13832 | MEDIUM | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure | EPSS 0.3%
CVE-2024-12205 | MEDIUM | Themesflat Addons For Elementor <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-9069 | MEDIUM | Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2024-12457 | MEDIUM | Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-11230 | MEDIUM | Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget | EPSS 0.3%
CVE-2024-12062 | MEDIUM | Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10693 | MEDIUM | SKT Addons for Elementor <= 3.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-9542 | MEDIUM | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template | EPSS 0.3%
CVE-2023-1807 | MEDIUM | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget | EPSS 0.3%
CVE-2024-5091 | HIGH | SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets | EPSS 0.3%
CVE-2024-9068 | MEDIUM | OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2023-4689 | MEDIUM | Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery | EPSS 0.3%
CVE-2023-4690 | MEDIUM | Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery | EPSS 0.3%
CVE-2024-8494 | MEDIUM | Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | EPSS 0.3%
CVE-2025-39451 | HIGH | WordPress JetBlocks For Elementor plugin <= 1.3.16 - Broken Access Control Vulnerability | EPSS 0.3%
CVE-2025-39447 | HIGH | WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability | EPSS 0.3%
CVE-2023-39993 | MEDIUM | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-10323 | MEDIUM | JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2024-8960 | MEDIUM | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
