Elementor — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting Elementor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elementor is a popular WordPress page builder enabling users to create custom websites through drag-and-drop functionality. Historically, it has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), privilege escalation, and information disclosure. These vulnerabilities often stem from insufficient input validation and improper access controls. While no single major incident stands out, the 17 documented CVEs highlight consistent security challenges. The plugin's extensive user base makes it an attractive target for attackers, particularly when websites remain unpatched. Regular updates and proper configuration remain critical for mitigating risks associated with this widely used web development tool.

Medium · 2026-04-09
Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API
Medium · CVE-2026-1310 · 2026-01-29
Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion
Unknown · 2025-08-13
Internal: Sanitize file upload [ED-19588] · elementor/elementor@6af3551 · GitHub
High · 2025-07-06
WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability - Patchstack
Medium · CVE-2024-10780 · 2024-11-30
Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure
Medium · 2024-11-27
Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scr
Medium · CVE-2024-10316 · 2024-11-24
Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templat
Medium · CVE-2024-8960 · 2024-11-11
Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Medium · CVE-2024-10325 · 2024-11-11
Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Low · 2024-11-09
WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability -
Medium · CVE-2024-9541 · 2024-10-24
News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Element
Medium · CVE-2024-6757 · 2024-10-16
Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function
Medium · CVE-2024-8902 · 2024-10-13
Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_section
Medium · 2024-09-12
Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scr

This page lists every published CVE security advisory associated with Elementor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.