| CVE-2023-33922 | WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability | Elementor | Elementor Website Builder | Medium | 4.3 | 2024-06-11 09:17:29 | Deep Dive |
| CVE-2024-4619 | Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-05-21 11:02:29 | Deep Dive |
| CVE-2024-24934 | WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability | Elementor | Elementor Website Builder | High | 8.5 | 2024-05-17 08:50:02 | Deep Dive |
| CVE-2024-4107 | Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-05-09 20:03:19 | Deep Dive |
| CVE-2023-47504 | WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability | Elementor | Elementor Website Builder | High | 7.5 | 2024-04-24 15:49:49 | Deep Dive |
| CVE-2024-2117 | Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-04-09 18:59:21 | Deep Dive |
| CVE-2024-1521 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-03-27 06:40:51 | Deep Dive |
| CVE-2024-2121 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 5.4 | 2024-03-27 06:40:50 | Deep Dive |
| CVE-2024-2120 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation | https://elementor.com/ | Elementor Website Builder Pro | Medium | 5.4 | 2024-03-27 06:40:50 | Deep Dive |
| CVE-2024-2781 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-03-27 06:40:49 | Deep Dive |
| CVE-2024-1364 | Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-03-27 06:40:47 | Deep Dive |
| CVE-2023-48777 | WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability | Elementor.com | Elementor Website Builder | Critical | 9.9 | 2024-03-26 20:49:39 | Deep Dive |
| CVE-2024-0506 | Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-02-20 18:56:29 | Deep Dive |
| CVE-2022-4953 | Elementor < 3.5.5 - Iframe Injection | Unknown | Elementor Website Builder | 中危 | - | 2023-08-14 19:10:18 | Deep Dive |
| CVE-2023-3124 | Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option | https://elementor.com/ | Elementor Website Builder Pro | High | 8.8 | 2023-06-07 01:51:21 | Deep Dive |
| CVE-2020-36703 | Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2023-06-07 01:51:17 | Deep Dive |
| CVE-2023-0329 | Elementor Website Builder < 3.12.2 - Admin+ SQLi | Unknown | Elementor Website Builder | 高危 | - | 2023-05-30 07:49:14 | Deep Dive |
| CVE-2022-29455 | WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability | Elementor | Elementor Website Builder (WordPress plugin) | Medium | 4.7 | 2022-06-13 16:09:13 | Deep Dive |
| CVE-2022-1329 | Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution | elemntor | Elementor Website Builder | High | 8.8 | 2022-04-19 00:00:00 | Deep Dive |
| CVE-2021-24891 | Elementor < 3.4.8 - DOM Cross-Site-Scripting | Unknown | Elementor Website Builder | 中危 | - | 2021-11-23 19:16:21 | Deep Dive |