Vulnerabilities > Elementor > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-28 CVE-2020-8426 Cross-site Scripting vulnerability in Elementor Website Builder
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page.
network
low complexity
elementor CWE-79
5.4
5.4
2019-10-07 CVE-2018-18379 Cross-site Scripting vulnerability in Elementor Page Builder
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
network
elementor CWE-79
4.3
4.3
2019-09-10 CVE-2017-18596 Improper Privilege Management vulnerability in Elementor Page Builder
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
network
low complexity
elementor CWE-269
6.5
6.5