Vulnerabilities > Elementor > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-05 CVE-2021-24201 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter.
network
low complexity
elementor CWE-79
5.4
2021-01-06 CVE-2020-36171 Cross-site Scripting vulnerability in Elementor Website Builder
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
network
elementor CWE-79
4.3
2020-08-31 CVE-2020-15020 Cross-site Scripting vulnerability in Elementor Website Builder
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress.
network
low complexity
elementor CWE-79
5.4
2020-08-21 CVE-2020-20634 Unspecified vulnerability in Elementor Website Builder
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature.
network
low complexity
elementor
6.5
2020-05-17 CVE-2020-13126 Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125.
network
low complexity
elementor CWE-434
6.5
2020-01-28 CVE-2020-8426 Cross-site Scripting vulnerability in Elementor Website Builder
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page.
network
low complexity
elementor CWE-79
5.4
2019-10-07 CVE-2018-18379 Cross-site Scripting vulnerability in Elementor Page Builder
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
network
elementor CWE-79
4.3
2019-09-10 CVE-2017-18596 Improper Privilege Management vulnerability in Elementor Page Builder
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
network
low complexity
elementor CWE-269
6.5