Exposição de Elementor

Page builders, WordPress plugins

720

score de exposição

960.635

sites usam

0

em exploração

47

críticos

Análise Vexday

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1.535 resultados

CVE-2025-53230HIGHWordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-40745HIGHWordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerabilityEPSS 0.2%CVE-2024-10538MEDIUMHappy Addons for Elementor <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image ComparisonEPSS 0.2%CVE-2024-9058MEDIUMElement Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox WidgetEPSS 0.2%CVE-2024-47353MEDIUMWordPress ElementsReady Addons for Elementor plugin <= 6.4.2 - Open Redirection vulnerabilityEPSS 0.2%CVE-2025-49262HIGHWordPress Sina Extension for Elementor plugin <= 3.6.1 - Cross Site Scripting (XSS) VulnerabilityEPSS 0.2%CVE-2026-2568HIGHWP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-31636HIGHWordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-31850MEDIUMWordPress PDF Generator Addon for Elementor Page Builder plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-62019MEDIUMWordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-31857MEDIUMWordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-31869MEDIUMWordPress Black Widgets For Elementor plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-63026MEDIUMWordPress Grand Restaurant Theme Elements for Elementor plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-7644MEDIUMPixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-3863MEDIUMPost Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form FunctionEPSS 0.2%CVE-2024-51584MEDIUMWordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51587MEDIUMWordPress Definitive Addons for Elementor plugin <= 1.5.16 - Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51580MEDIUMWordPress Clever Addons for Elementor plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51590MEDIUMWordPress Hoo Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-49631MEDIUMWordPress Easy Addons for Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%

← anteriorpágina 60 / 77próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →