Browse all 17 CVE security advisories affecting Elementor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Elementor is a popular WordPress page builder enabling users to create custom websites through drag-and-drop functionality. Historically, it has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), privilege escalation, and information disclosure. These vulnerabilities often stem from insufficient input validation and improper access controls. While no single major incident stands out, the 17 documented CVEs highlight consistent security challenges. The plugin's extensive user base makes it an attractive target for attackers, particularly when websites remain unpatched. Regular updates and proper configuration remain critical for mitigating risks associated with this widely used web development tool.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31289 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Hello ElementorCWE-352 | 4.3 | Medium | 2024-04-12 |
This page lists every published CVE security advisory associated with Elementor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.