Vulnerabilities > Elementor > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-05 CVE-2021-24203 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter.
network
low complexity
elementor CWE-79
5.4
5.4
2021-04-05 CVE-2021-24202 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter.
network
low complexity
elementor CWE-79
5.4
5.4
2021-04-05 CVE-2021-24201 Cross-site Scripting vulnerability in Elementor Website Builder
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter.
network
low complexity
elementor CWE-79
5.4
5.4
2021-01-06 CVE-2020-36171 Cross-site Scripting vulnerability in Elementor Website Builder
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
network
low complexity
elementor CWE-79
6.1
6.1
2020-09-16 CVE-2020-20406 Cross-site Scripting vulnerability in Elementor Page Builder
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions.
network
low complexity
elementor CWE-79
5.4
5.4
2020-08-31 CVE-2020-15020 Cross-site Scripting vulnerability in Elementor Website Builder
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress.
network
low complexity
elementor CWE-79
5.4
5.4
2020-08-21 CVE-2020-20634 Unspecified vulnerability in Elementor Website Builder
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature.
network
low complexity
elementor
6.5
6.5
2020-06-05 CVE-2020-13865 Cross-site Scripting vulnerability in Elementor Page Builder
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities.
network
low complexity
elementor CWE-79
5.4
5.4
2020-06-05 CVE-2020-13864 Cross-site Scripting vulnerability in Elementor Page Builder
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability.
network
low complexity
elementor CWE-79
5.4
5.4
2020-01-28 CVE-2020-8426 Cross-site Scripting vulnerability in Elementor Website Builder
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page.
network
low complexity
elementor CWE-79
5.4
5.4