Vulnerabilities > Elementor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-21 | CVE-2024-4619 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-17 | CVE-2024-24934 | Unspecified vulnerability in Elementor Website Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0. | 8.1 |
| 2024-05-14 | CVE-2024-4107 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-24 | CVE-2023-47504 | Unspecified vulnerability in Elementor Website Builder Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. | 9.8 |
| 2024-04-09 | CVE-2024-2117 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-1364 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-1521 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-27 | CVE-2024-2120 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-2121 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-2781 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. | 5.4 |