Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Elementor Website Builder – More Than Just a Page Builder — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in Elementor Website Builder – More Than Just a Page Builder, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities affecting the Elementor Website Builder, specifically categorizing weaknesses related to its extensive plugin architecture and third-party integrations. It aggregates a comprehensive collection of security issues, including cross-site scripting, privilege escalation, and insecure direct object references, covering public disclosures from 2019 through 2024. Visitors to this resource can effectively track vendor advisories as they are released, gain a deeper understanding of common weakness classes within the WordPress ecosystem, and look up the specific vulnerability history of the Elementor product line. By centralizing this data, the page provides a clear view of how flaws emerge, are reported, and are patched over time. This historical context helps developers and site administrators assess risk levels, prioritize updates, and understand the evolving threat landscape surrounding popular page building tools. The information is sourced from official security channels, vulnerability databases, and public reports to ensure accuracy and relevance for security professionals.

Vendor: elemntor

CVE IDTitleCVSSSeverityPublished
CVE-2026-6127 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API CWE-79 6.4 Medium2026-05-01
CVE-2025-14732 Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API CWE-87 6.4 Medium2026-04-08
CVE-2026-1206 Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template CWE-639 4.3 Medium2026-03-26
CVE-2025-11220 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path CWE-79 6.4 Medium2025-12-16
CVE-2025-8081 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import CWE-22 4.9 Medium2025-08-12
CVE-2025-4566 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget CWE-79 6.4 Medium2025-07-29
CVE-2025-3075 Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-07-29
CVE-2024-13445 Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-02-20
CVE-2024-10453 Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings CWE-79 6.4 Medium2024-12-21
CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-11-26
CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function CWE-200 4.3 Medium2024-10-15
CVE-2024-5416 Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets CWE-79 5.4 Medium2024-09-11
CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-21
CVE-2024-2117 Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-0506 Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt CWE-79 6.4 Medium2024-02-20
CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting CWE-79 6.4 Medium2023-06-07

All 16 known CVE vulnerabilities affecting Elementor Website Builder – More Than Just a Page Builder with full Chinese analysis, references, and POCs where available.