GCVE - cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:pro:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:pro:wordpress:*:*

part: a version: * update: *

Vendor	Elementor (`495bbd9d-fd16-5fda-b5c3-511153e4eb2c`)
Product	Elementor Page Builder (`fd4ded8c-5b08-581d-b8a2-7b68d57a60a3`)
Edition	*
Language	*
Software edition	pro
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-3076`	vulnerable	2026-06-08 07:23:07.952651	Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-06-10T04:23:09.744Z Updated: 2026-04-08T16:35:04.765Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/0c796ee7-5394-40f3-9158-1a006efbf085?source=cve https://elementor.com/pro/changelog/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13126`	vulnerable	2026-06-08 05:18:00.200483	Details available CRITICAL (9.9) An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. Published: 2020-05-17T00:38:37.000Z Updated: 2024-08-04T12:11:19.166Z Open on db.gcve.eu Reference links https://wpvulndb.com/vulnerabilities/10214 https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-18379`	vulnerable	2026-06-08 05:11:13.900678	Details available The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. Published: 2019-10-07T11:28:17.000Z Updated: 2024-08-05T11:08:21.718Z Open on db.gcve.eu Reference links https://www.contextis.com/resources/advisories https://elementor.com/blog/ https://www.contextis.com/en/resources/advisories/cve-2018-18379	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Elementor Page Builder

PURL mappings

Vulnerability references

Contribute