Elementor

Website Builder

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-4619

  • EPSS 0.4%
  • Veröffentlicht 21.05.2024 11:15:09
  • Zuletzt bearbeitet 08.04.2026 19:21:42

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.5 due to insufficient input sanitizat...

8.1

CVE-2024-24934

  • EPSS 0.72%
  • Veröffentlicht 17.05.2024 09:15:25
  • Zuletzt bearbeitet 29.01.2025 21:42:08

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19...

5.4

CVE-2024-4107

Exploit
  • EPSS 0.42%
  • Veröffentlicht 14.05.2024 15:42:54
  • Zuletzt bearbeitet 08.04.2026 17:18:50

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output ...

9.8

CVE-2023-47504

  • EPSS 1.45%
  • Veröffentlicht 24.04.2024 16:15:07
  • Zuletzt bearbeitet 28.04.2026 19:21:51

Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.

5.4

CVE-2024-2117

  • EPSS 0.46%
  • Veröffentlicht 09.04.2024 19:15:28
  • Zuletzt bearbeitet 08.04.2026 19:20:59

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supp...

5.4

CVE-2024-2120

  • EPSS 0.34%
  • Veröffentlicht 27.03.2024 07:15:53
  • Zuletzt bearbeitet 08.04.2026 19:20:59

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on use...

8.8

CVE-2023-48777

  • EPSS 4.1%
  • Veröffentlicht 26.03.2024 21:15:52
  • Zuletzt bearbeitet 28.04.2026 19:22:16

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

5.4

CVE-2024-0506

  • EPSS 0.47%
  • Veröffentlicht 29.02.2024 01:43:17
  • Zuletzt bearbeitet 08.04.2026 18:18:51

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insu...

5.4

CVE-2023-47505

Exploit
  • EPSS 25.34%
  • Veröffentlicht 30.11.2023 12:15:08
  • Zuletzt bearbeitet 28.04.2026 19:21:51

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.

6.1

CVE-2022-4953

Exploit
  • EPSS 2.03%
  • Veröffentlicht 14.08.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:19

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.