Elementor Exposure

Page builders, WordPress plugins
Exposure score: 720
Sites using it: 960,635
Under exploitation: 0
Critical: 47

Vexday Analysis

The Elementor plugin has 1,532 catalogued CVEs, a substantial volume that reflects its wide adoption in the WordPress ecosystem and the resulting attention from security researchers. The most common weakness is CWE-79 (Cross-Site Scripting), an expected pattern in page-building components with an extensive input surface. Although the rate of active exploitation is below the overall average for the CISA KEV catalogue, the highest EPSS observed reaches 0.92943, a value assigned to CVE-2022-1329, indicating a high probability of active exploitation for that specific vulnerability, which justifies priority treatment. The pace of 82 new CVEs in the last 90 days, together with 46 of critical severity in the historical record, reinforces the need for continuous update cycles in environments that use this plugin.

CVEs

1,535 results

CVE-2024-0845 [MEDIUM] PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render (EPSS 0.3%)
CVE-2024-4580 [MEDIUM] Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.3%)
CVE-2024-4478 [MEDIUM] Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget (EPSS 0.3%)
CVE-2024-4378 [MEDIUM] Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider (EPSS 0.3%)
CVE-2024-4364 [MEDIUM] Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget (EPSS 0.3%)
CVE-2024-5347 [MEDIUM] Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget (EPSS 0.3%)
CVE-2024-5073 [MEDIUM] Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed (EPSS 0.3%)
CVE-2024-30423 [MEDIUM] WordPress Better Elementor Addons plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability (EPSS 0.3%)
CVE-2024-54247 [MEDIUM] WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability (EPSS 0.3%)
CVE-2024-1166 [MEDIUM] Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget (EPSS 0.3%)
CVE-2024-2924 [MEDIUM] Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.3%)
CVE-2024-2253 [MEDIUM] Testimonial Carousel For Elementor <= 10.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting (EPSS 0.3%)
CVE-2024-5611 [MEDIUM] Stratum – Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget (EPSS 0.3%)
CVE-2024-5041 [MEDIUM] Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion (EPSS 0.3%)
CVE-2024-13155 [MEDIUM] Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget (EPSS 0.3%)
CVE-2026-2295 [MEDIUM] WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more (EPSS 0.3%)
CVE-2024-10582 [MEDIUM] Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import (EPSS 0.3%)
CVE-2024-4391 [MEDIUM] Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget (EPSS 0.3%)
CVE-2024-4087 [MEDIUM] Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget (EPSS 0.3%)
CVE-2024-3926 [MEDIUM] Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes (EPSS 0.3%)
