Elementor

Website Builder

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-48777

  • EPSS 91.5%
  • Veröffentlicht 26.03.2024 21:15:52
  • Zuletzt bearbeitet 28.01.2025 19:20:32

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

5.4

CVE-2024-0506

  • EPSS 0.2%
  • Veröffentlicht 29.02.2024 01:43:17
  • Zuletzt bearbeitet 27.01.2025 17:38:46

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insu...

5.4

CVE-2023-47505

Exploit
  • EPSS 4.79%
  • Veröffentlicht 30.11.2023 12:15:08
  • Zuletzt bearbeitet 21.11.2024 08:30:21

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.

6.1

CVE-2022-4953

Exploit
  • EPSS 7.9%
  • Veröffentlicht 14.08.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:19

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.

5.4

CVE-2020-36703

Exploit
  • EPSS 0.11%
  • Veröffentlicht 07.06.2023 02:15:11
  • Zuletzt bearbeitet 21.11.2024 05:30:06

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject...

7.2

CVE-2023-0329

Exploit
  • EPSS 9.06%
  • Veröffentlicht 30.05.2023 08:15:09
  • Zuletzt bearbeitet 23.04.2025 17:16:23

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrato...

6.1

CVE-2022-29455

Exploit
  • EPSS 48.05%
  • Veröffentlicht 13.06.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:59:07

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.

8.8

CVE-2022-1329

Exploit
  • EPSS 93.48%
  • Veröffentlicht 19.04.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:40:30

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify si...

6.1

CVE-2021-24891

Exploit
  • EPSS 5.35%
  • Veröffentlicht 23.11.2021 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:53:57

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.

5.4

CVE-2021-24206

Exploit
  • EPSS 0.11%
  • Veröffentlicht 05.04.2021 19:15:17
  • Zuletzt bearbeitet 21.11.2024 05:52:35

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user wi...