Exposure of Elementor

Page builders, WordPress plugins
720 exposure score
960,635 sites use
0 exploited
47 critical
Vexday analysis

The Elementor plugin has 1,532 cataloged CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, combined with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-2922 (MEDIUM, EPSS 0.3%): Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags
CVE-2024-2785 (MEDIUM, EPSS 0.3%): The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
CVE-2024-3645 (MEDIUM, EPSS 0.3%): Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'
CVE-2025-2228 (MEDIUM, EPSS 0.3%): Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2023-0086 (MEDIUM, EPSS 0.3%): JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update
CVE-2025-69312 (CRITICAL, EPSS 0.3%): WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability
CVE-2024-50543 (MEDIUM, EPSS 0.3%): WordPress amazing neo icon font for elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-4376 (MEDIUM, EPSS 0.3%): Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget
CVE-2024-5790 (MEDIUM, EPSS 0.3%): Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget
CVE-2025-1005 (MEDIUM, EPSS 0.3%): ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
CVE-2024-4606 (MEDIUM, EPSS 0.3%): WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability
CVE-2025-39589 (MEDIUM, EPSS 0.3%): WordPress Essential Addons for Elementor plugin <= 6.1.9 - Sensitive Data Exposure Vulnerability
CVE-2025-69356 (HIGH, EPSS 0.3%): WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability
CVE-2025-30766 (MEDIUM, EPSS 0.3%): WordPress Happy Addons for Elementor plugin <= 3.16.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30812 (MEDIUM, EPSS 0.3%): WordPress SKT Addons for Elementor plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-12340 (MEDIUM, EPSS 0.3%): Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template
CVE-2024-24846 (HIGH, EPSS 0.3%): WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2025-3103 (HIGH, EPSS 0.3%): CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read
CVE-2024-5347 (MEDIUM, EPSS 0.3%): Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget
CVE-2024-5073 (MEDIUM, EPSS 0.3%): Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed
