Elementor Website Builder
Elementor
Developer
4.0.1
Latest version
10,000,000
Installations
No date
Last updated
Vulnerability history
0 present
36 patched
7 Mitigation rules
- Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability<= 3.35.73 days ago
- Broken Access Control vulnerability<= 3.35.507/03/2026
- Cross Site Scripting (XSS) vulnerability<= 3.35.513/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.29.031/12/2025
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path vulnerability<= 3.33.316/12/2025
- Broken Access Control vulnerability<= 3.33.025/11/2025
- Authenticated (Administrator+) Arbitrary File Read via Image Import vulnerability<= 3.30.211/08/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget vulnerability<= 3.30.228/07/2025
- Cross Site Scripting (XSS) vulnerability<= 3.29.019/06/2025
- Cross Site Scripting (XSS) vulnerability<= 3.25.1024/02/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.27.419/02/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings vulnerability<= 3.25.923/12/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.25.726/11/2024
- Authenticated (Contributor+) Basic Information Exposure via get_image_alt function vulnerability<= 3.24.514/10/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets vulnerability<= 3.23.411/09/2024
- Arbitrary SVG File Download vulnerability<= 3.22.128/06/2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability< 3.21.621/05/2024
- Auth. Stored Cross-Site Scripting vulnerability<= 3.20.226/03/2024
- Authenticated Stored Cross-Site Scripting via get_image_alt vulnerability<= 3.18.307/02/2024
- Arbitrary File Deletion and Phar Deserialization vulnerability<= 3.19.006/02/2024
- Arbitrary File Upload vulnerability3.3.0-3.18.106/12/2023
- Contributor+ Arbitrary Attachment Read vulnerability<= 3.16.408/11/2023
- Contributor+ Cross Site Scripting (XSS) vulnerability<= 3.16.408/11/2023
- Broken Access Control vulnerability<= 3.13.224/05/2023
- Missing Authorization to Settings Update vulnerability<= 3.13.112/05/2023
- Admin+ SQLi<= 3.12.124/04/2023
- Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability<= 3.5.513/06/2022
- Arbitrary File Upload vulnerability3.6.0-3.6.213/04/2022
- DOM Cross-Site Scripting (XSS) vulnerability<= 3.1.320/10/2021
- Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities<= 3.1.117/03/2021
- Unrestricted SVG Uploads vulnerability<= 3.0.1325/11/2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.9.1302/09/2020
- Authenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.8.430/01/2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.7.529/01/2020
- Authenticated Unrestricted Editing vulnerability<= 1.7.1202/12/2017
- Potential Privilege Escalation vulnerability<= 1.8.702/12/2017