Website Builder

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-8081 MEDIUM PATCH Monitor

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Website Builder PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-13445 MEDIUM PATCH This Month

The Elementor Website Builder - More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Website Builder
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-8494 MEDIUM Monitor

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Website Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-8081
EPSS 0% CVSS 4.9
MEDIUM PATCH Monitor

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Website Builder +1
NVD GitHub
CVE-2024-13445
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Elementor Website Builder - More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Website Builder
NVD
CVE-2024-8494
EPSS 0% CVSS 4.3
MEDIUM Monitor

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Website Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy