Elementor Exposure

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Under active exploitation: 0
Critical: 47
Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern for page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-5818 (MEDIUM, EPSS 0.2%): Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget
CVE-2024-5583 (MEDIUM, EPSS 0.2%): The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings
CVE-2024-2254 (MEDIUM, EPSS 0.2%): RT Easy Builder – Advanced addons for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-site Scripting
CVE-2025-60096 (MEDIUM, EPSS 0.2%): WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability
CVE-2025-15369 (MEDIUM, EPSS 0.2%): Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation
CVE-2025-31529 (MEDIUM, EPSS 0.2%): WordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability
CVE-2023-40679 (MEDIUM, EPSS 0.2%): WordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerability
CVE-2024-39667 (MEDIUM, EPSS 0.2%): WordPress Element Pack Elementor Addons plugin <= 5.6.11 - Cross Site Scripting (XSS) vulnerability
CVE-2024-13649 (MEDIUM, EPSS 0.2%): 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-34817 (MEDIUM, EPSS 0.2%): WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-39644 (MEDIUM, EPSS 0.2%): WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43150 (MEDIUM, EPSS 0.2%): WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-5290 (MEDIUM, EPSS 0.2%): Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-51927 (MEDIUM, EPSS 0.2%): WordPress Rig Elements For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43210 (MEDIUM, EPSS 0.2%): WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-49267 (MEDIUM, EPSS 0.2%): WordPress Unlimited Addon For Elementor plugin <=2.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43123 (MEDIUM, EPSS 0.2%): WordPress Card Elements for Elementor plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43291 (MEDIUM, EPSS 0.2%): WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43324 (MEDIUM, EPSS 0.2%): WordPress Clever Addons for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-66136 (MEDIUM, EPSS 0.2%): WordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerability
