Elementor Exposure

Page builders, WordPress plugins

Exposure score: 717
Sites using it: 960,635
Under exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results

CVE | Severity | Title | EPSS
CVE-2025-26745 | MEDIUM | WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-48288 | MEDIUM | WordPress ElementInvader Addons for Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability | 0.2%
CVE-2025-46434 | MEDIUM | WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability | 0.2%
CVE-2024-9994 | MEDIUM | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget | 0.2%
CVE-2025-32269 | MEDIUM | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | 0.2%
CVE-2025-39546 | MEDIUM | WordPress ElementsReady Addons for Elementor plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) Vulnerability | 0.2%
CVE-2025-66148 | MEDIUM | WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability | 0.2%
CVE-2025-66144 | MEDIUM | WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability | 0.2%
CVE-2025-66146 | MEDIUM | WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability | 0.2%
CVE-2025-66151 | MEDIUM | WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability | 0.2%
CVE-2025-66152 | MEDIUM | WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability | 0.2%
CVE-2025-66153 | MEDIUM | WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability | 0.2%
CVE-2025-48132 | MEDIUM | WordPress X Addons for Elementor plugin <= 1.0.16 - Cross Site Scripting (XSS) Vulnerability | 0.2%
CVE-2025-63033 | MEDIUM | WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-62012 | MEDIUM | WordPress TheGem (Elementor) theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-6244 | MEDIUM | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets | 0.2%
CVE-2025-67594 | MEDIUM | WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2025-54050 | MEDIUM | WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability | 0.2%
CVE-2025-49076 | MEDIUM | WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.2.7 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-48131 | MEDIUM | WordPress UltraAddons Elementor Lite plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | 0.2%