CVSS: 6.4EPSS: %CPEs: 1EXPL: 0CVE-2024-50555 – Elementor Website Builder <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-50555
19 Jun 2025 — The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2025-31046 – AnyWhere Elementor Pro <= 2.29 - Missing Authorization
https://notcve.org/view.php?id=CVE-2025-31046
16 May 2025 — The AnyWhere Elementor Pro theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51812 – WordPress Pro Addons For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51812
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasim Pro Addons For Elementor allows Stored XSS.This issue affects Pro Addons For Elementor: from n/a through 1.5.0. The Pro Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i... • https://patchstack.com/database/vulnerability/pro-addons-for-elementor/wordpress-pro-addons-for-elementor-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35656 – WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35656
28 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Elementor Elementor Pro permite el XSS reflejado. Este problema afecta a Elementor Pro: desde n/a hasta 3.21.2. The Elementor Pro plugin for WordPress is vulnerable to Re... • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-3-21-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33632 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33632
25 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Piotnet Piotnet Addons para Elementor Pro. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.17. This is due to mis... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33633 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33633
25 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("cross-site Scripting") en Piotnet Piotnet Addons para Elementor Pro permite Reflected XSS. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.1... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33634 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33634
25 Apr 2024 — Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Piotnet Piotnet Addons para Elementor Pro. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.17. This makes ... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-unauthenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33635 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-33635
25 Apr 2024 — Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Vulnerabilidad de autorización faltante en Piotnet Piotnet Addons para Elementor Pro. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including,... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-unauthenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33631 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33631
25 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("cross-site Scripting") en Piotnet Piotnet Addons para Elementor Pro permite almacenar XSS. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.17. ... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23523 – WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability
https://notcve.org/view.php?id=CVE-2024-23523
26 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Elementor Pro. Este problema afecta a Elementor Pro: desde n/a hasta 3.19.2. The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.2 . This makes it possible for authenticated attackers... • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-19-2-contributor-arbitrary-user-meta-data-retrieval-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •