Elementor Website Builder

Elementor

Developer

3.34.0

Latest version

10,000,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

32 fixed

7 Mitigation rules

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path vulnerability
<= 3.33.3
Dec 16, 2025
Broken Access Control vulnerability
<= 3.33.0
Nov 25, 2025
Authenticated (Administrator+) Arbitrary File Read via Image Import vulnerability
<= 3.30.2
Aug 11, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget vulnerability
<= 3.30.2
Jul 28, 2025
Cross Site Scripting (XSS) vulnerability
<= 3.29.0
Jun 19, 2025
Cross Site Scripting (XSS) vulnerability
<= 3.25.10
Feb 24, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.27.4
Feb 19, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings vulnerability
<= 3.25.9
Dec 23, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 3.25.7
Nov 26, 2024
Authenticated (Contributor+) Basic Information Exposure via get_image_alt function vulnerability
<= 3.24.5
Oct 14, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets vulnerability
<= 3.23.4
Sep 11, 2024
Arbitrary SVG File Download vulnerability
<= 3.22.1
Jun 28, 2024
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
< 3.21.6
May 21, 2024
Auth. Stored Cross-Site Scripting vulnerability
<= 3.20.2
Mar 26, 2024
Authenticated Stored Cross-Site Scripting via get_image_alt vulnerability
<= 3.18.3
Feb 7, 2024
Arbitrary File Deletion and Phar Deserialization vulnerability
<= 3.19.0
Feb 6, 2024
Arbitrary File Upload vulnerability
3.3.0-3.18.1
Dec 6, 2023
Contributor+ Arbitrary Attachment Read vulnerability
<= 3.16.4
Nov 8, 2023
Contributor+ Cross Site Scripting (XSS) vulnerability
<= 3.16.4
Nov 8, 2023
Broken Access Control vulnerability
<= 3.13.2
May 24, 2023
Missing Authorization to Settings Update vulnerability
<= 3.13.1
May 12, 2023
Admin+ SQLi
<= 3.12.1
Apr 24, 2023
Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability
<= 3.5.5
Jun 13, 2022
Arbitrary File Upload vulnerability
3.6.0-3.6.2
Apr 13, 2022
DOM Cross-Site Scripting (XSS) vulnerability
<= 3.1.3
Oct 20, 2021
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 3.1.1
Mar 17, 2021
Unrestricted SVG Uploads vulnerability
<= 3.0.13
Nov 25, 2020
Authenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 2.9.13
Sep 2, 2020
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
<= 2.8.4
Jan 30, 2020
Authenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 2.7.5
Jan 29, 2020
Authenticated Unrestricted Editing vulnerability
<= 1.7.12
Dec 2, 2017
Potential Privilege Escalation vulnerability
<= 1.8.7
Dec 2, 2017