Elementor

Website Builder

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-50555

  • EPSS 0.02%
  • Veröffentlicht 20.02.2026 15:46:25
  • Zuletzt bearbeitet 27.02.2026 17:16:23

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0.

4.3

CVE-2025-67588

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 14:14:16
  • Zuletzt bearbeitet 20.01.2026 15:19:26

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.

4.9

CVE-2025-8081

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 12.08.2025 05:27:09
  • Zuletzt bearbeitet 15.08.2025 18:00:55

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authentic...

6.4

CVE-2025-4566

  • EPSS 0.04%
  • Veröffentlicht 29.07.2025 04:23:45
  • Zuletzt bearbeitet 29.07.2025 14:14:29

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficie...

5.4

CVE-2025-3075

  • EPSS 0.03%
  • Veröffentlicht 29.07.2025 04:23:45
  • Zuletzt bearbeitet 13.08.2025 19:35:55

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sani...

5.4

CVE-2024-54444

  • EPSS 0.08%
  • Veröffentlicht 25.02.2025 15:15:22
  • Zuletzt bearbeitet 20.03.2025 12:11:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10.

5.4

CVE-2024-13445

  • EPSS 0.08%
  • Veröffentlicht 20.02.2025 05:15:14
  • Zuletzt bearbeitet 25.02.2025 20:22:07

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitizat...

6.5

CVE-2024-8494

  • EPSS 0.16%
  • Veröffentlicht 30.01.2025 14:15:36
  • Zuletzt bearbeitet 30.01.2025 17:12:52

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Cont...

5.4

CVE-2024-10453

  • EPSS 0.21%
  • Veröffentlicht 21.12.2024 10:15:05
  • Zuletzt bearbeitet 27.03.2025 15:52:47

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization a...

5.4

CVE-2024-8236

  • EPSS 0.16%
  • Veröffentlicht 26.11.2024 14:15:22
  • Zuletzt bearbeitet 21.04.2025 15:04:21

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitiza...