Vulnerabilities > Elementor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2023-33922 | Unspecified vulnerability in Elementor Website Builder Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | 4.3 |
| 2024-05-21 | CVE-2024-4619 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-4107 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2117 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-1364 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-1521 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-27 | CVE-2024-2120 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-2121 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-2781 | Cross-site Scripting vulnerability in Elementor PRO 3.0.5/3.11.6/3.11.7 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-29 | CVE-2024-0506 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. | 5.4 |