Exposure of Elementor

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Exploited: 0
Critical: 47
Vexday analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest observed EPSS reaches 0.92943 (the value assigned to CVE-2022-1329), indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results
CVE-2024-24831 | MEDIUM | WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-32592 | MEDIUM | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-38687 | MEDIUM | WordPress Sky Addons for Elementor plugin <= 2.5.5 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-1421 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget | EPSS 0.3%
CVE-2024-3309 | MEDIUM | Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget | EPSS 0.3%
CVE-2024-1521 | MEDIUM | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload | EPSS 0.3%
CVE-2024-2249 | MEDIUM | LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-0824 | MEDIUM | Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything | EPSS 0.3%
CVE-2024-2132 | MEDIUM | Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget | EPSS 0.3%
CVE-2024-2750 | MEDIUM | Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget | EPSS 0.3%
CVE-2024-2136 | MEDIUM | WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget | EPSS 0.3%
CVE-2024-2137 | MEDIUM | All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets | EPSS 0.3%
CVE-2024-2751 | MEDIUM | Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox | EPSS 0.3%
CVE-2024-1364 | MEDIUM | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-2085 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' | EPSS 0.3%
CVE-2024-1327 | MEDIUM | Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box | EPSS 0.3%
CVE-2024-2084 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget | EPSS 0.3%
CVE-2024-13854 | MEDIUM | Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode | EPSS 0.3%
CVE-2024-10689 | MEDIUM | XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-27041 | CRITICAL | WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability | EPSS 0.3%
