Elementor Elementor Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Elementor Elementor Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-26596 — CVSS 8.8 (high): The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code…
CVE-2023-3124 — CVSS 8.8 (high): The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the…
CVE-2024-35656 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows…
CVE-2024-1521 — CVSS 6.4 (medium): The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form…
CVE-2024-1364 — CVSS 6.4 (medium): The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions…
CVE-2024-2781 — CVSS 6.4 (medium): The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all…
CVE-2024-2121 — CVSS 5.4 (medium): The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget…