Elementor Exposure

Page builders, WordPress plugins
Exposure score: 717
Sites using it: 960,635
Under exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average for the CISA KEV catalog, the highest observed EPSS reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2025-50038 | MEDIUM | WordPress Anant Addons for Elementor plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-14275 | MEDIUM | Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | EPSS 0.2%
CVE-2025-14278 | MEDIUM | HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.2%
CVE-2025-8195 | MEDIUM | JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets | EPSS 0.2%
CVE-2025-62887 | MEDIUM | WordPress King Addons for Elementor plugin <= 51.1.61 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-59553 | MEDIUM | WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
CVE-2025-60112 | MEDIUM | WordPress aThemes Addons for Elementor Plugin <= 1.1.2 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.2%
CVE-2025-58793 | MEDIUM | WordPress WPB Elementor Addons plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-9029 | MEDIUM | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function | EPSS 0.2%
CVE-2026-49053 | MEDIUM | WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-0633 | LOW | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | EPSS 0.2%
CVE-2025-62923 | MEDIUM | WordPress Marquee Addons for Elementor plugin <= 3.8.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-5292 | MEDIUM | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | EPSS 0.2%
CVE-2025-13141 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection | EPSS 0.2%
CVE-2026-32462 | MEDIUM | WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-8779 | MEDIUM | All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets | EPSS 0.2%
CVE-2025-12965 | MEDIUM | Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget | EPSS 0.2%
CVE-2025-7439 | MEDIUM | Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link | EPSS 0.2%
CVE-2025-8199 | MEDIUM | MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget | EPSS 0.2%
CVE-2025-8687 | MEDIUM | Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets | EPSS 0.2%
