Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

elemntor — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting elemntor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by elemntor:Elementor Website Builder – more than just a page builderAlly – Web Accessibility & UsabilityElementor Website Builder Activity Log – Monitor & Record User ChangesSite Mailer – SMTP Replacement, Email API Deliverability & Email Log
CVE IDTitleCVSSSeverityPublished
CVE-2025-14732 Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API — Elementor Website Builder – more than just a page builderCWE-87 6.4 Medium2026-04-08
CVE-2026-1206 Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template — Elementor Website Builder – more than just a page builderCWE-639 4.3 Medium2026-03-26
CVE-2026-2413 Ally – Web Accessibility & Usability <= 4.0.3 - Unauthenticated SQL Injection via URL Path — Ally – Web Accessibility & UsabilityCWE-89 7.5 High2026-03-11
CVE-2025-11220 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2025-12-16
CVE-2025-10700 Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update — Ally – Web Accessibility & UsabilityCWE-352 4.3 Medium2025-10-16
CVE-2025-8081 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import — Elementor Website Builder – more than just a page builderCWE-22 4.9 Medium2025-08-12
CVE-2025-4566 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2025-07-29
CVE-2025-3075 Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2025-07-29
CVE-2025-1319 Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting — Site Mailer – SMTP Replacement, Email API Deliverability & Email LogCWE-79 7.2 High2025-02-28
CVE-2024-13445 Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2025-02-20
CVE-2024-10453 Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2024-12-21
CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2024-11-26
CVE-2024-10788 Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context — Activity Log – Monitor & Record User ChangesCWE-79 7.2 High2024-11-21
CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function — Elementor Website Builder – more than just a page builderCWE-200 4.3 Medium2024-10-15
CVE-2024-5416 Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets — Elementor Website Builder – more than just a page builderCWE-79 5.4 Medium2024-09-11
CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2024-05-21
CVE-2024-2117 Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2024-04-09
CVE-2024-0506 Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2024-02-20
CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builderCWE-79 6.4 Medium2023-06-07
CVE-2022-1329 Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution — Elementor Website Builder CWE-862 8.8 High2022-04-19

This page lists every published CVE security advisory associated with elemntor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.