Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

https://elementor.com/ — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting https://elementor.com/. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elementor is a WordPress page builder plugin enabling users to create custom websites through a drag-and-drop interface. Historically, the plugin has been associated with multiple cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts, and remote code execution (RCE) flaws that could enable unauthorized system access. Privilege escalation vulnerabilities have also been documented, potentially allowing users to gain elevated permissions. While no major public security incidents have been widely reported, the presence of nine CVEs indicates ongoing security challenges that require regular updates and careful configuration by users to mitigate potential risks.

Top products by https://elementor.com/: Elementor Website Builder Pro
CVE IDTitleCVSSSeverityPublished
CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder ProCWE-79 6.4 Medium2025-06-10
CVE-2024-8494 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode — Elementor Website Builder ProCWE-200 4.3 Medium2025-01-30
CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Elementor Website Builder ProCWE-79 6.4 Medium2024-05-09
CVE-2024-1521 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload — Elementor Website Builder ProCWE-79 6.4 Medium2024-03-27
CVE-2024-2120 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation — Elementor Website Builder ProCWE-79 5.4 Medium2024-03-27
CVE-2024-2121 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder ProCWE-79 5.4 Medium2024-03-27
CVE-2024-2781 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag — Elementor Website Builder ProCWE-79 6.4 Medium2024-03-27
CVE-2024-1364 Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder ProCWE-79 6.4 Medium2024-03-27
CVE-2023-3124 Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option — Elementor Website Builder ProCWE-862 8.8 High2023-06-07

This page lists every published CVE security advisory associated with https://elementor.com/. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.