WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Elementor Website Builder

2022-06-13
Elementor < 3.5.6 - DOM Reflected Cross-Site Scripting
Fixed in version 3.5.6
2022-04-13
Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload
Fixed in version 3.6.3
2021-03-24
Elementor < 3.4.8 - DOM Cross-Site-Scripting
Fixed in version 3.4.8
2021-03-17
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget
Fixed in version 3.1.4
2021-03-17
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element
Fixed in version 3.1.4
2021-03-17
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
Fixed in version 3.1.4
2021-03-17
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget
Fixed in version 3.1.4
2021-03-17
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget
Fixed in version 3.1.4
2021-03-17
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
Fixed in version 3.1.4
2021-01-06
Elementor < 3.0.14 - SVG Upload Allowed by Default
Fixed in version 3.0.14
2020-07-21
Elementor < 2.9.14 - Authenticated Stored Cross-Site Scripting
Fixed in version 2.9.14
2020-06-05
Elementor Page Builder < 2.9.10 - Authenticated Stored XSS
Fixed in version 2.9.10
2020-05-06
Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS
Fixed in version 2.9.8
2020-03-31
Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation
Fixed in version 2.9.6
2020-01-29
Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS
Fixed in version 2.8.5
2020-01-29
Elementor Page Builder < 2.7.6 - Authenticated Stored XSS
Fixed in version 2.7.7
2020-01-19
Elementor Page Builder < 2.8.4 - Cross-Site Scripting (XSS)
Fixed in version 2.8.4
2020-01-14
Elementor < 2.7.5 - Authenticated Arbitrary File Upload
Fixed in version 2.7.5
2017-11-27
Elementor Page Builder <= 1.7.12 - Authenticated Unrestricted Editing
Fixed in version 1.8.0