Exposición de Elementor

Page builders, WordPress plugins

720

score de exposición

960.635

sitios usan

0

en explotación

47

críticos

Análisis Vexday

O plugin Elementor acumula 1.532 CVEs catalogadas, um volume expressivo que reflete sua ampla adoção no ecossistema WordPress e a consequente atenção de pesquisadores de segurança. A falha mais comum é CWE-79 (Cross-Site Scripting), padrão esperado em componentes de construção de páginas com superfície de entrada extensa. Embora a taxa de exploração ativa esteja abaixo da média geral do catálogo CISA KEV, o EPSS mais alto observado chega a 0,92943 — valor atribuído à CVE-2022-1329 —, indicando alta probabilidade de exploração ativa para essa vulnerabilidade específica, o que justifica tratamento prioritário. O ritmo de 82 novas CVEs nos últimos 90 dias, somado a 46 de severidade crítica no histórico, reforça a necessidade de ciclos de atualização contínuos para ambientes que utilizam esse plugin.

CVEs

1535 resultados

CVE-2025-32186MEDIUMWordPress Turbo Addons for Elementor plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-32191MEDIUMWordPress News Element Elementor Blog Magazine plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-32189MEDIUMWordPress BWD Elementor Addons plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-50553MEDIUMWordPress Classy Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-50521MEDIUMWordPress Alley Elementor Widget plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-32190MEDIUMWordPress Musician's Pack For Elementor plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-32196MEDIUMWordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-32163MEDIUMWordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-14732MEDIUMElementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST APIEPSS 0.3%CVE-2024-1427MEDIUMThe Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tagEPSS 0.3%CVE-2024-3925MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick eventsEPSS 0.3%CVE-2024-5419MEDIUMVoid Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page AttributeEPSS 0.3%CVE-2024-4205MEDIUMPremium Addons for Elementor <= 4.10.31 - Missing Authorization to Information DisclosureEPSS 0.3%CVE-2024-30422MEDIUMWordPress Elementor Addon Elements plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-33933MEDIUMWordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-2507MEDIUMJetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URLEPSS 0.3%CVE-2024-2491MEDIUMPowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag*EPSS 0.3%CVE-2024-2139MEDIUMMaster Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table WidgetEPSS 0.3%CVE-2024-0367MEDIUMUnlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget LinkEPSS 0.3%CVE-2024-3989MEDIUMHT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery JustifyEPSS 0.3%

← anteriorpágina 33 / 77siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →