Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Exploited: 0
Critical: 47
Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalogue, the highest observed EPSS reaches 0.92943, a value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-32593 (MEDIUM, EPSS 0.3%): WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.3.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-2798 (MEDIUM, EPSS 0.3%): Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2024-3889 (MEDIUM, EPSS 0.3%): Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags
CVE-2024-37437 (MEDIUM, EPSS 0.3%): WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
CVE-2026-25468 (MEDIUM, EPSS 0.3%): WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability
CVE-2024-10365 (MEDIUM, EPSS 0.3%): The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-12532 (MEDIUM, EPSS 0.3%): BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVE-2024-54253 (MEDIUM, EPSS 0.3%): WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-2250 (MEDIUM, EPSS 0.3%): 130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-1508 (MEDIUM, EPSS 0.3%): Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget
CVE-2024-10352 (MEDIUM, EPSS 0.3%): Magical Addons For Elementor <= 1.2.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template
CVE-2024-10319 (MEDIUM, EPSS 0.3%): 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template
CVE-2024-9541 (MEDIUM, EPSS 0.3%): News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template
CVE-2024-9889 (MEDIUM, EPSS 0.3%): ElementInvader Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Information Exposure
CVE-2024-33649 (MEDIUM, EPSS 0.3%): WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-4702 (MEDIUM, EPSS 0.3%): Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
CVE-2024-4486 (MEDIUM, EPSS 0.3%): Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget
CVE-2025-57939 (MEDIUM, EPSS 0.3%): WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability
CVE-2024-27986 (MEDIUM, EPSS 0.3%): WordPress Livemesh Addons for Elementor Plugin <= 8.3.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-3005 (MEDIUM, EPSS 0.3%): LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget
