Elementor

Website Builder

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-6757

  • EPSS 0.3%
  • Veröffentlicht 15.10.2024 02:15:02
  • Zuletzt bearbeitet 17.10.2024 21:09:59

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attac...

5.4

CVE-2024-5416

  • EPSS 0.47%
  • Veröffentlicht 11.09.2024 12:15:02
  • Zuletzt bearbeitet 26.09.2024 14:37:59

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitizat...

5.4

CVE-2024-37437

  • EPSS 0.37%
  • Veröffentlicht 09.07.2024 11:15:14
  • Zuletzt bearbeitet 21.11.2024 09:23:50

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1.

4.3

CVE-2023-33922

  • EPSS 0.17%
  • Veröffentlicht 11.06.2024 10:15:11
  • Zuletzt bearbeitet 21.11.2024 08:06:12

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.

5.4

CVE-2024-4619

  • EPSS 0.52%
  • Veröffentlicht 21.05.2024 11:15:09
  • Zuletzt bearbeitet 24.01.2025 14:20:44

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitizat...

8.1

CVE-2024-24934

  • EPSS 1.2%
  • Veröffentlicht 17.05.2024 09:15:25
  • Zuletzt bearbeitet 29.01.2025 21:42:08

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19...

5.4

CVE-2024-4107

Exploit
  • EPSS 0.18%
  • Veröffentlicht 14.05.2024 15:42:54
  • Zuletzt bearbeitet 21.03.2025 15:55:25

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output ...

9.8

CVE-2023-47504

  • EPSS 7.84%
  • Veröffentlicht 24.04.2024 16:15:07
  • Zuletzt bearbeitet 05.02.2025 15:34:19

Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.

5.4

CVE-2024-2117

  • EPSS 0.2%
  • Veröffentlicht 09.04.2024 19:15:28
  • Zuletzt bearbeitet 31.01.2025 01:37:06

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supp...

5.4

CVE-2024-2120

  • EPSS 0.14%
  • Veröffentlicht 27.03.2024 07:15:53
  • Zuletzt bearbeitet 28.01.2025 20:31:11

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitizatio...