Exposure of Elementor

Page builders, WordPress plugins
720 exposure score
960,635 sites use
0 exploited
47 critical
Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalogue, the highest observed EPSS reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE | Severity | Title | EPSS
CVE-2024-4379 | MEDIUM | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip | EPSS 0.3%
CVE-2024-56254 | MEDIUM | WordPress Move Addons for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-32791 | MEDIUM | WordPress Premium Addons for Elementor plugin <= 4.10.25 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-3162 | MEDIUM | Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial | EPSS 0.3%
CVE-2024-2791 | MEDIUM | Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets | EPSS 0.3%
CVE-2024-2790 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ | EPSS 0.3%
CVE-2024-2781 | MEDIUM | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag | EPSS 0.3%
CVE-2024-2308 | MEDIUM | ElementInvader Addons for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-1429 | MEDIUM | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget | EPSS 0.3%
CVE-2024-1426 | MEDIUM | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget | EPSS 0.3%
CVE-2024-5576 | MEDIUM | Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget | EPSS 0.3%
CVE-2024-30484 | MEDIUM | WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-35724 | MEDIUM | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-68560 | HIGH | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Local File Inclusion vulnerability | EPSS 0.3%
CVE-2023-34370 | HIGH | Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins | EPSS 0.3%
CVE-2024-4896 | MEDIUM | WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter | EPSS 0.3%
CVE-2024-2618 | MEDIUM | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-4667 | MEDIUM | Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget | EPSS 0.3%
CVE-2024-4626 | MEDIUM | JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters | EPSS 0.3%
CVE-2024-4570 | MEDIUM | Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
