Vulnerabilities > Elementor > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-07 CVE-2020-26596 Improper Input Validation vulnerability in Elementor PRO 3.0.5
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet.
network
low complexity
elementor CWE-20
critical
9.0
2020-04-22 CVE-2020-7055 Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder
An issue was discovered in Elementor 2.7.4.
network
low complexity
elementor CWE-434
critical
9.0
2020-01-22 CVE-2020-7109 Unspecified vulnerability in Elementor Website Builder
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.
network
low complexity
elementor
critical
9.8