Vulnerabilities > Elementor > Elementor PRO > 3.11.6

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-35656 Unspecified vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.
network
low complexity
elementor
6.1
6.1
2024-03-27 CVE-2024-1364 Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
elementor CWE-79
5.4
5.4
2024-03-27 CVE-2024-1521 Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping.
network
low complexity
elementor CWE-79
5.4
5.4
2024-03-27 CVE-2024-2121 Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
elementor CWE-79
5.4
5.4
2024-03-27 CVE-2024-2781 Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping.
network
low complexity
elementor CWE-79
5.4
5.4
2023-06-07 CVE-2023-3124 Unspecified vulnerability in Elementor PRO 3.0.5/3.11.6
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6.
network
low complexity
elementor
8.8
8.8