Vulnerabilities > Elementor > Low

DATE CVE VULNERABILITY TITLE RISK
2021-04-05 CVE-2021-24202 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter.
network
elementor CWE-79
3.5
3.5
2021-04-05 CVE-2021-24203 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter.
network
elementor CWE-79
3.5
3.5
2021-04-05 CVE-2021-24204 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter.
network
elementor CWE-79
3.5
3.5
2021-04-05 CVE-2021-24205 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter.
network
elementor CWE-79
3.5
3.5
2021-04-05 CVE-2021-24206 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter.
network
elementor CWE-79
3.5
3.5
2020-09-16 CVE-2020-20406 Cross-site Scripting vulnerability in Elementor Page Builder
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions.
network
elementor CWE-79
3.5
3.5
2020-06-05 CVE-2020-13864 Cross-site Scripting vulnerability in Elementor Page Builder
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability.
network
elementor CWE-79
3.5
3.5
2020-06-05 CVE-2020-13865 Cross-site Scripting vulnerability in Elementor Page Builder
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities.
network
elementor CWE-79
3.5
3.5