Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Elementor — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting Elementor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elementor is a popular WordPress page builder enabling users to create custom websites through drag-and-drop functionality. Historically, it has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), privilege escalation, and information disclosure. These vulnerabilities often stem from insufficient input validation and improper access controls. While no single major incident stands out, the 17 documented CVEs highlight consistent security challenges. The plugin's extensive user base makes it an attractive target for attackers, particularly when websites remain unpatched. Regular updates and proper configuration remain critical for mitigating risks associated with this widely used web development tool.

Top products by Elementor: Elementor Website Builder Elementor Pro Ally Elementor Website Builder (WordPress plugin) Hello Elementor Image Optimizer by Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2026-32445 WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability — Elementor Website BuilderCWE-862 2.7 Low2026-03-13
CVE-2026-32352 WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability — Elementor Website BuilderCWE-79 6.5 Medium2026-03-13
CVE-2024-50555 WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability — Elementor Website BuilderCWE-79 6.5 Medium2026-02-20
CVE-2026-25386 WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability — AllyCWE-862 5.3 Medium2026-02-19
CVE-2026-25387 WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability — Image Optimizer by ElementorCWE-862 4.3 Medium2026-02-19
CVE-2025-67588 WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability — Elementor Website BuilderCWE-862 4.3 Medium2025-12-09
CVE-2025-32640 WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability — AllyCWE-79 5.9 Medium2025-04-09
CVE-2024-54444 WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability — Elementor Website BuilderCWE-79 6.5 Medium2025-02-25
CVE-2024-35656 WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability — Elementor ProCWE-79 7.1 High2024-07-22
CVE-2024-37437 WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability — Elementor Website BuilderCWE-79 5.5 Medium2024-07-09
CVE-2023-35050 WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability — Elementor ProCWE-862 5.4 Medium2024-06-19
CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability — Elementor Website BuilderCWE-862 4.3 Medium2024-06-11
CVE-2024-24934 WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability — Elementor Website BuilderCWE-22 8.5 High2024-05-17
CVE-2023-47504 WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability — Elementor Website BuilderCWE-287 6.5 Medium2024-04-24
CVE-2024-31289 WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Hello ElementorCWE-352 4.3 Medium2024-04-12
CVE-2024-23523 WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability — Elementor ProCWE-200 6.5 Medium2024-03-16
CVE-2022-29455 WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability — Elementor Website Builder (WordPress plugin)CWE-79 4.7 Medium2022-06-13

This page lists every published CVE security advisory associated with Elementor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.