ElementorCVEs & Vulnerabilities
53 CVEs affecting Elementor products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.