Elementor Elementor Page Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Elementor Elementor Page Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2020-7055 — CVSS 9.9 (critical): An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an…
CVE-2020-13126 — CVSS 9.9 (critical): An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with…
CVE-2017-18596 — CVSS 8.8 (high): The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
CVE-2025-3076 — CVSS 6.4 (medium): The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in…
CVE-2018-18379 — CVSS 6.1 (medium): The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
CVE-2020-13865 — CVSS 5.4 (medium): The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create…
CVE-2020-20406 — CVSS 5.4 (medium): A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier…
CVE-2020-13864 — CVSS 5.4 (medium): The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that…