
CVE-2024-54444 – WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54444
24 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10. The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.25.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and... • https://patchstack.com/database/wordpress/plugin/elementor/vulnerability/wordpress-elementor-plugin-3-25-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37437 – WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-37437
28 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1. ... • https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-website-builder-more-than-just-a-page-builder-plugin-3-22-1-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-24934 – WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-24934
07 Feb 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls. This issue affects Elementor Website Builder: from n/a through 3.19.0. ... • https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-19-0-arbitrary-file-deletion-and-phar-deserialization-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-47504 – WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability
https://notcve.org/view.php?id=CVE-2023-47504
08 Nov 2023 — Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Elementor Website Builder: from n/a through 3.16.4. The Elementor Website Builder plugin for WordPress is vulnerable to unaut... • https://github.com/davidxbors/CVE-2023-47504-POC • CWE-287: Improper Authentication; CWE-862: Missing Authorization

CVE-2023-33922 – WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-33922
22 May 2023 — Missing Authorization vulnerability in Elementor Elementor Website Builder. This issue affects Elementor Website Builder: from n/a through 3.13.2. The Elementor plugin for WordPress is vulnerable to the creation of emergent resources due to insufficient input validation in the template "save_item" function in versions up to, and including, 3.13.3. This allo... • https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-13-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization; CWE-1229: Creation of Emergent Resource