Elementor Website Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:elementor:elementor_website_builder:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Elementor (495bbd9d-fd16-5fda-b5c3-511153e4eb2c) |
|---|---|
| Product | Elementor Website Builder (a0de6427-8578-571c-acd3-3c860135d5c1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-49782 |
vulnerable | 2026-06-08 08:05:12.471540 |
WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability
MEDIUM (5.4)
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Elementor Website Builder: from n/a through 4.1.0.
Published: 2026-06-02T14:03:35.907Z
Updated: 2026-06-02T14:41:13.598Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32445 |
vulnerable | 2026-06-08 07:57:17.591147 |
WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability
LOW (2.7)
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
Published: 2026-03-13T11:42:20.356Z
Updated: 2026-04-29T09:51:59.696Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32352 |
vulnerable | 2026-06-08 07:57:17.467504 |
WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
Published: 2026-03-13T11:41:59.354Z
Updated: 2026-04-29T09:51:57.697Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67588 |
vulnerable | 2026-06-08 07:41:20.038226 |
WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
Published: 2025-12-09T14:14:16.826Z
Updated: 2026-04-28T16:14:22.112Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-54444 |
vulnerable | 2026-06-08 06:54:16.551236 |
WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.
Published: 2025-02-25T14:17:49.943Z
Updated: 2026-04-28T16:10:52.648Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50555 |
vulnerable | 2026-06-08 06:52:10.379805 |
WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0.
Published: 2026-02-20T15:46:25.284Z
Updated: 2026-04-28T16:10:32.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37437 |
vulnerable | 2026-06-08 06:39:47.572602 |
WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
MEDIUM (5.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through <= 3.22.1.
Published: 2024-07-09T10:38:55.423Z
Updated: 2026-04-28T16:09:58.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24934 |
vulnerable | 2026-06-08 06:29:42.085014 |
WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability
HIGH (8.5)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
Published: 2024-05-17T08:50:02.499Z
Updated: 2026-04-28T16:09:11.641Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47504 |
vulnerable | 2026-06-08 06:14:24.769779 |
WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability
MEDIUM (6.5)
Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.
Published: 2024-04-24T15:49:48.943Z
Updated: 2026-04-28T16:08:49.311Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-33922 |
vulnerable | 2026-06-08 06:06:23.874984 |
WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.
Published: 2024-06-11T09:17:29.261Z
Updated: 2026-04-28T16:08:26.348Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.