Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Elementor Website Builder – more than just a page builder — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in Elementor Website Builder – more than just a page builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: elemntor

CVE IDTitleCVSSSeverityPublished
CVE-2025-14732 Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API CWE-87 6.4 Medium2026-04-08
CVE-2026-1206 Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template CWE-639 4.3 Medium2026-03-26
CVE-2025-11220 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path CWE-79 6.4 Medium2025-12-16
CVE-2025-8081 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import CWE-22 4.9 Medium2025-08-12
CVE-2025-4566 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget CWE-79 6.4 Medium2025-07-29
CVE-2025-3075 Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-07-29
CVE-2024-13445 Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-02-20
CVE-2024-10453 Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings CWE-79 6.4 Medium2024-12-21
CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-11-26
CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function CWE-200 4.3 Medium2024-10-15
CVE-2024-5416 Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets CWE-79 5.4 Medium2024-09-11
CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-21
CVE-2024-2117 Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-0506 Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt CWE-79 6.4 Medium2024-02-20
CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting CWE-79 6.4 Medium2023-06-07

All 15 known CVE vulnerabilities affecting Elementor Website Builder – more than just a page builder with full Chinese analysis, references, and POCs where available.