Elementor

Elementor Pro

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-3076

  • EPSS 0.04%
  • Veröffentlicht 10.06.2025 04:23:09
  • Zuletzt bearbeitet 11.07.2025 17:03:28

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it...

6.1

CVE-2024-35656

  • EPSS 0.21%
  • Veröffentlicht 22.07.2024 10:15:03
  • Zuletzt bearbeitet 21.11.2024 09:20:35

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.

6.5

CVE-2023-35050

  • EPSS 0.1%
  • Veröffentlicht 19.06.2024 13:15:52
  • Zuletzt bearbeitet 21.11.2024 08:07:53

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.

5.4

CVE-2024-4107

Exploit
  • EPSS 0.18%
  • Veröffentlicht 14.05.2024 15:42:54
  • Zuletzt bearbeitet 21.03.2025 15:55:25

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output ...

5.4

CVE-2024-2781

  • EPSS 0.17%
  • Veröffentlicht 27.03.2024 07:15:54
  • Zuletzt bearbeitet 12.03.2025 13:57:48

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes i...

5.4

CVE-2024-2121

  • EPSS 0.13%
  • Veröffentlicht 27.03.2024 07:15:53
  • Zuletzt bearbeitet 12.03.2025 14:02:28

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user...

5.4

CVE-2024-1364

  • EPSS 0.13%
  • Veröffentlicht 27.03.2024 07:15:48
  • Zuletzt bearbeitet 12.03.2025 14:15:31

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attrib...

5.4

CVE-2024-1521

  • EPSS 0.12%
  • Veröffentlicht 27.03.2024 07:15:48
  • Zuletzt bearbeitet 12.03.2025 14:11:21

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping....

6.5

CVE-2024-23523

  • EPSS 0.28%
  • Veröffentlicht 16.03.2024 05:15:21
  • Zuletzt bearbeitet 21.11.2024 08:57:53

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2.

8.8

CVE-2023-3124

Exploit
  • EPSS 15.81%
  • Veröffentlicht 07.06.2023 02:15:15
  • Zuletzt bearbeitet 21.11.2024 08:16:30

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers w...