Elementor Page Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Elementor (495bbd9d-fd16-5fda-b5c3-511153e4eb2c) |
|---|---|
| Product | Elementor Page Builder (fd4ded8c-5b08-581d-b8a2-7b68d57a60a3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/elementor/elementor |
purl2cpe | 2026-06-01 10:13:03.205628 |
pkg:wordpress/elementor |
purl2cpe | 2026-06-01 10:13:03.205629 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-7055 |
vulnerable | 2026-06-08 05:27:11.851507 |
Details available
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
Published: 2020-04-22T17:02:49.000Z
Updated: 2024-08-04T09:18:02.876Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-20406 |
vulnerable | 2026-06-08 05:22:30.358867 |
Details available
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
Published: 2020-09-16T19:59:53.000Z
Updated: 2024-08-04T14:22:24.890Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13865 |
vulnerable | 2026-06-08 05:18:01.250550 |
Details available
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
Published: 2020-06-05T21:23:37.000Z
Updated: 2024-08-04T12:32:13.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13864 |
vulnerable | 2026-06-08 05:18:01.250011 |
Details available
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
Published: 2020-06-05T21:21:29.000Z
Updated: 2024-08-04T12:32:13.872Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18596 |
vulnerable | 2026-06-08 05:09:11.298038 |
Details available
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
Published: 2019-09-10T10:55:02.000Z
Updated: 2024-08-05T21:28:55.695Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.