Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-30	CVE-2023-47505	Cross-site Scripting vulnerability in Elementor Website Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4. network low complexity elementor CWE-79	5.4
2023-08-14	CVE-2022-4953	Unspecified vulnerability in Elementor Website Builder The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. network low complexity elementor	6.1
2023-06-07	CVE-2020-36703	Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts. network low complexity elementor CWE-79	5.4
2022-06-13	CVE-2022-29455	Cross-site Scripting vulnerability in Elementor Website Builder DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. network elementor CWE-79	4.3
2021-11-23	CVE-2021-24891	Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. network elementor CWE-79	4.3
2021-04-05	CVE-2021-24201	Cross-site Scripting vulnerability in Elementor Website Builder In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. network low complexity elementor CWE-79	5.4
2021-01-06	CVE-2020-36171	Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. network elementor CWE-79	4.3
2020-08-31	CVE-2020-15020	Cross-site Scripting vulnerability in Elementor Website Builder An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. network low complexity elementor CWE-79	5.4
2020-08-21	CVE-2020-20634	Unspecified vulnerability in Elementor Website Builder Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. network low complexity elementor	6.5
2020-01-28	CVE-2020-8426	Cross-site Scripting vulnerability in Elementor Website Builder The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. network low complexity elementor CWE-79	5.4