Product
elementor page builder
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-3076
CVE-2020-20406
CVE-2020-13865
CVE-2020-13864
CVE-2020-13126
CVE-2020-7055
CVE-2018-18379
CVE-2017-18596
< 3.29.1
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ para
<= 2.9.2
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlie
< 2.9.9
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can
< 2.9.9
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create po
< 2.9.4
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunctio
<= 2.7.4
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing
< 2.0.10
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.
< 1.8.0
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.