Elementor Website Builder
Elementor
Developer
3.33.1
Latest version
10,000,000
Installations
1 day ago
Last updated
Vulnerability history
0 present
30 fixed
7 Mitigation rules
- Authenticated (Administrator+) Arbitrary File Read via Image Import vulnerability<= 3.30.2Aug 11, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget vulnerability<= 3.30.2Jul 28, 2025
- Cross Site Scripting (XSS) vulnerability<= 3.29.0Jun 19, 2025
- Cross Site Scripting (XSS) vulnerability<= 3.25.10Feb 24, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.27.4Feb 19, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings vulnerability<= 3.25.9Dec 23, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.25.7Nov 26, 2024
- Authenticated (Contributor+) Basic Information Exposure via get_image_alt function vulnerability<= 3.24.5Oct 14, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets vulnerability<= 3.23.4Sep 11, 2024
- Arbitrary SVG File Download vulnerability<= 3.22.1Jun 28, 2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability< 3.21.6May 21, 2024
- Auth. Stored Cross-Site Scripting vulnerability<= 3.20.2Mar 26, 2024
- Authenticated Stored Cross-Site Scripting via get_image_alt vulnerability<= 3.18.3Feb 7, 2024
- Arbitrary File Deletion and Phar Deserialization vulnerability<= 3.19.0Feb 6, 2024
- Arbitrary File Upload vulnerability3.3.0-3.18.1Dec 6, 2023
- Contributor+ Arbitrary Attachment Read vulnerability<= 3.16.4Nov 8, 2023
- Contributor+ Cross Site Scripting (XSS) vulnerability<= 3.16.4Nov 8, 2023
- Broken Access Control vulnerability<= 3.13.2May 24, 2023
- Missing Authorization to Settings Update vulnerability<= 3.13.1May 12, 2023
- Admin+ SQLi<= 3.12.1Apr 24, 2023
- Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability<= 3.5.5Jun 13, 2022
- Arbitrary File Upload vulnerability3.6.0-3.6.2Apr 13, 2022
- DOM Cross-Site Scripting (XSS) vulnerability<= 3.1.3Oct 20, 2021
- Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities<= 3.1.1Mar 17, 2021
- Unrestricted SVG Uploads vulnerability<= 3.0.13Nov 25, 2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.9.13Sep 2, 2020
- Authenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 2.8.4Jan 30, 2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.7.5Jan 29, 2020
- Authenticated Unrestricted Editing vulnerability<= 1.7.12Dec 2, 2017
- Potential Privilege Escalation vulnerability<= 1.8.7Dec 2, 2017