Elementor Exposure

Page builders, WordPress plugins
Exposure score: 702
Sites using it: 960,635
Under exploitation: 0
Critical: 46

Vexday Analysis

The Elementor plugin has accumulated 1,532 catalogued CVEs, a significant volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common flaw is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the active exploitation rate is below the overall average of the CISA KEV catalog, the highest EPSS observed reaches 0.92943, the value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the history, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1532 results

CVE | Severity | Title | EPSS
CVE-2024-4446 | MEDIUM | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter | 0.4%
CVE-2024-9376 | MEDIUM | Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | 0.4%
CVE-2024-3929 | MEDIUM | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay | 0.4%
CVE-2024-50542 | MEDIUM | WordPress RLM Elementor Widgets Pack plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability | 0.4%
CVE-2024-51852 | MEDIUM | WordPress Dynamic Post Grid Elementor Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | 0.4%
CVE-2024-51841 | MEDIUM | WordPress File Select Control For Elementor plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | 0.4%
CVE-2024-5686 | MEDIUM | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget | 0.4%
CVE-2024-4868 | MEDIUM | Extensions for Elementor <= 2.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget | 0.4%
CVE-2026-5162 | MEDIUM | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget | 0.4%
CVE-2023-50901 | HIGH | WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS) | 0.4%
CVE-2023-41236 | HIGH | WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) | 0.4%
CVE-2024-4643 | MEDIUM | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.4%
CVE-2024-2787 | MEDIUM | Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag | 0.4%
CVE-2024-1238 | MEDIUM | ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.4%
CVE-2024-4695 | MEDIUM | Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | 0.4%
CVE-2024-37255 | MEDIUM | WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability | 0.4%
CVE-2024-24883 | MEDIUM | WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability | 0.4%
CVE-2024-5504 | MEDIUM | Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget | 0.3%
CVE-2024-4697 | MEDIUM | Cowidgets – Elementor Addons <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter | 0.3%
CVE-2024-10493 | MEDIUM | Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS | 0.3%
