Elemntor Elementor Website Builder – More Than Just A Page Builder
16 CVEs affecting Elemntor Elementor Website Builder – More Than Just A Page Builder. Latest disclosed: 2026-05-01. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6127 | Medium | 6.4 | 2026-05-01 | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and inclu… |
CVE-2025-14732 | Medium | 6.4 | 2026-04-08 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters i… |
CVE-2025-11220 | Medium | 6.4 | 2025-12-16 | The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3… |
CVE-2025-4566 | Medium | 6.4 | 2025-07-29 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element a… |
CVE-2025-3075 | Medium | 6.4 | 2025-07-29 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-ele… |
CVE-2024-13445 | Medium | 6.4 | 2025-02-20 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap… |
CVE-2024-10453 | Medium | 6.4 | 2024-12-21 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Set… |
CVE-2024-8236 | Medium | 6.4 | 2024-11-26 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the… |
CVE-2024-4619 | Medium | 6.4 | 2024-05-21 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animat… |
CVE-2024-2117 | Medium | 6.4 | 2024-04-09 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in… |
CVE-2024-0506 | Medium | 6.4 | 2024-02-20 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] param… |
CVE-2020-36703 | Medium | 6.4 | 2023-06-07 | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 Th… |
CVE-2024-5416 | Medium | 5.4 | 2024-09-11 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multip… |
CVE-2025-8081 | Medium | 4.9 | 2025-08-12 | The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function d… |
CVE-2026-1206 | Medium | 4.3 | 2026-03-26 | The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exposure in all versions up to, and includ… |
CVE-2024-6757 | Medium | 4.3 | 2024-10-15 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and inclu… |