Vulnerabilities > Elementor > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-07 | CVE-2020-26596 | Improper Input Validation vulnerability in Elementor PRO 3.0.5 The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. | 9.0 |
| 2020-04-22 | CVE-2020-7055 | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder An issue was discovered in Elementor 2.7.4. | 9.0 |
| 2020-01-22 | CVE-2020-7109 | Unspecified vulnerability in Elementor Website Builder The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. | 9.8 |