Elementor Exposure

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Under exploitation: 0
Critical: 47
Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-5341 | MEDIUM | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget | EPSS 0.3%
CVE-2025-11363 | MEDIUM | Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload | EPSS 0.3%
CVE-2025-4659 | MEDIUM | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure | EPSS 0.3%
CVE-2022-47166 | MEDIUM | WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2022-45076 | MEDIUM | WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2024-10266 | MEDIUM | Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget | EPSS 0.3%
CVE-2024-12328 | MEDIUM | MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG | EPSS 0.3%
CVE-2025-1287 | MEDIUM | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | EPSS 0.3%
CVE-2024-2923 | MEDIUM | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget | EPSS 0.3%
CVE-2026-25320 | MEDIUM | WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-56226 | HIGH | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-30925 | MEDIUM | WordPress The Pack Elementor addons plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-9064 | MEDIUM | Elementor Inline SVG <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2023-32245 | MEDIUM | WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF) | EPSS 0.3%
CVE-2022-45067 | MEDIUM | WordPress Exclusive Addons Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2024-34547 | MEDIUM | WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2026-57619 | MEDIUM | WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability | EPSS 0.3%
CVE-2025-9082 | MEDIUM | WPBITS Addons For Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2026-6393 | MEDIUM | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | EPSS 0.3%
CVE-2024-56227 | MEDIUM | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability | EPSS 0.3%
