Exposure of Elementor

Page builders, WordPress plugins

720

exposure score

960,635

sites use

0

exploited

47

critical

Vexday analysis

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1,535 results

CVE-2024-4489MEDIUMRoyal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG UploadsEPSS 0.3%CVE-2024-5161MEDIUMMagical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-5152MEDIUMElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2023-35050MEDIUMWordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-32727MEDIUMWordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-35656HIGHWordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-53988MEDIUMWordPress JetBlocks For Elementor <= 1.3.18 - Sensitive Data Exposure VulnerabilityEPSS 0.3%CVE-2024-38686MEDIUMWordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-33945MEDIUMWordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-30800MEDIUMWordPress Gum Elementor Addon plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-12599MEDIUMHT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown WidgetEPSS 0.3%CVE-2024-49676MEDIUMWordPress Custom Icons for Elementor plugin <= 0.3.3 - Arbitrary File Upload vulnerabilityEPSS 0.3%CVE-2024-54338MEDIUMWordPress Hello Event Widgets For Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-7791MEDIUM140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid WidgetEPSS 0.3%CVE-2024-6495MEDIUMPremium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text WidgetEPSS 0.3%CVE-2024-6575MEDIUMThe Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll WidgetEPSS 0.3%CVE-2025-9045MEDIUMEasy Elementor Addons <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-6627MEDIUMHappy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View WidgetEPSS 0.3%CVE-2024-54224MEDIUMWordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-1210MEDIUMHappy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta FieldEPSS 0.3%

← previouspage 42 / 77next →

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →