Elementor Exposure

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
Under exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 critical-severity CVEs in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE | Severity | Title | EPSS
CVE-2024-51680 | MEDIUM | WordPress Cresta Addons for Elementor plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2024-51787 | MEDIUM | WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2024-54210 | MEDIUM | WordPress Advanced Element Bucket Addons for Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2024-51683 | MEDIUM | WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2024-51682 | MEDIUM | WordPress HT Builder – WordPress Theme Builder for Elementor plugin <= 1.3.0 - Stored Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2026-0831 | MEDIUM | Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write | 0.2%
CVE-2025-22646 | MEDIUM | WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-4783 | MEDIUM | Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget | 0.2%
CVE-2024-47375 | MEDIUM | WordPress XLTab – Accordions and Tabs for Elementor Page Builder plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-26912 | MEDIUM | WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-22648 | MEDIUM | WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-9203 | MEDIUM | Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields | 0.2%
CVE-2025-4943 | MEDIUM | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter | 0.2%
CVE-2025-67947 | HIGH | WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-22806 | MEDIUM | WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2024-11180 | MEDIUM | ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2%
CVE-2025-8874 | MEDIUM | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox | 0.2%
CVE-2025-1455 | MEDIUM | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2%
CVE-2025-1456 | MEDIUM | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting | 0.2%
CVE-2025-63077 | MEDIUM | WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability | 0.2%
