Filtered by vendor Elementor
Subscriptions
Total
153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60112 | 3 Athemes, Elementor, Wordpress | 3 Athemes Addons For Elementor, Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through <= 1.1.2. | ||||
| CVE-2025-60096 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5. | ||||
| CVE-2025-59592 | 3 Elementor, Fernando Acosta, Wordpress | 3 Elementor, Make Column Clickable Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor make-column-clickable-elementor allows Stored XSS.This issue affects Make Column Clickable Elementor: from n/a through <= 1.6.0. | ||||
| CVE-2025-59553 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor custom-iframe allows DOM-Based XSS.This issue affects Custom iFrame for Elementor: from n/a through <= 1.0.13. | ||||
| CVE-2025-59007 | 3 Elementor, Themesflat, Wordpress | 3 Elementor, Tf Woo Product Grid Addon For Elementor, Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-58254 | 3 Dtbaker, Elementor, Wordpress | 3 Stylepress, Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor full-site-builder-for-elementor allows Stored XSS.This issue affects StylePress for Elementor: from n/a through <= 1.2.1. | ||||
| CVE-2025-58251 | 3 Elementor, Posimyth, Wordpress | 3 Elementor, Sticky Header Effects, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header Effects for Elementor: from n/a through <= 2.1.2. | ||||
| CVE-2025-57939 | 3 Blocksera, Elementor, Wordpress | 3 Image Hover Effects, Elementor, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Hover Effects – Elementor Addon: from n/a through <= 1.4.4. | ||||
| CVE-2025-54712 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. | ||||
| CVE-2025-54704 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through <= 2.2.6. | ||||
| CVE-2025-53230 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2026-04-23 | 7.6 High |
| Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5. | ||||
| CVE-2025-49934 | 3 Crocoblock, Elementor, Wordpress | 3 Jettabs For Elementor, Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18. | ||||
| CVE-2025-49387 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through <= 1.5.3. | ||||
| CVE-2025-48354 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elementor allows Stored XSS.This issue affects Better Post & Filter Widgets for Elementor: from n/a through <= 1.6.1. | ||||
| CVE-2025-46434 | 3 Elementor, Posimyth, Wordpress | 3 Elementor, The Plus Addons For Elementor, Wordpress | 2026-04-23 | N/A |
| Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7. | ||||
| CVE-2024-54444 | 1 Elementor | 1 Website Builder | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10. | ||||
| CVE-2024-37437 | 1 Elementor | 1 Website Builder | 2026-04-23 | 5.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through <= 3.22.1. | ||||
| CVE-2025-10173 | 4 Elementor, Roxnor, Woocommerce and 1 more | 4 Elementor, Shopengine Elementor Woocommerce Builder Addon, Woocommerce and 1 more | 2026-04-22 | 2.7 Low |
| The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Editor-level access and above, to update the plugin's settings. | ||||
| CVE-2025-10896 | 3 Elementor, Litonice13, Wordpress | 3 Elementor, Image Hover Effects For Elementor, Wordpress | 2026-04-22 | 8.8 High |
| Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the '*_recommended_upgrade_plugin' function which allows arbitrary plugin URLs to be installed. This makes it possible for authenticated attackers with subscriber-level access and above to upload arbitrary plugin packages to the affected site's server via a crafted plugin URL, which may make remote code execution possible. | ||||
| CVE-2026-32445 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-04-22 | 2.7 Low |
| Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5. | ||||