CVE-2025-11220
- EPSS 0.04%
- Veröffentlicht 16.12.2025 11:15:44
- Zuletzt bearbeitet 16.12.2025 14:10:11
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside ...
CVE-2025-8081
- EPSS 0.06%
- Veröffentlicht 12.08.2025 05:27:09
- Zuletzt bearbeitet 15.08.2025 18:00:55
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authentic...
CVE-2024-10453
- EPSS 0.21%
- Veröffentlicht 21.12.2024 10:15:05
- Zuletzt bearbeitet 27.03.2025 15:52:47
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization a...
CVE-2024-8236
- EPSS 0.16%
- Veröffentlicht 26.11.2024 14:15:22
- Zuletzt bearbeitet 21.04.2025 15:04:21
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitiza...