GCVE - cpe:2.3:a:elementor:elementor_pro:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:elementor:elementor_pro:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Elementor (`495bbd9d-fd16-5fda-b5c3-511153e4eb2c`)
Product	Elementor Pro (`367b81c9-4241-569f-be4f-c549337c4eab`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/elementor/elementor`	purl2cpe	2026-06-01 10:13:03.207203
`pkg:wordpress/elementor`	purl2cpe	2026-06-01 10:13:03.207206

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-35656`	vulnerable	2026-06-08 06:39:42.255476	WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2. Published: 2024-07-22T10:02:00.509Z Updated: 2026-04-28T16:09:52.407Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-3-21-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-23523`	vulnerable	2026-06-08 06:29:39.879669	WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability MEDIUM (6.5) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2. Published: 2024-03-16T04:26:07.549Z Updated: 2026-04-28T16:09:10.066Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-19-2-contributor-arbitrary-user-meta-data-retrieval-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-35050`	vulnerable	2026-06-08 06:06:26.449849	WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability MEDIUM (5.4) Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0. Published: 2024-06-19T12:28:01.532Z Updated: 2026-04-28T16:08:29.319Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-13-0-subscriber-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.