🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Elementor Website Builder Pro

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Elementor Website Builder Pro

Information

Software Type	Plugin
Software Slug	elementor-pro
Software Status	Active
Software Author	https://elementor.com/
Software Website	elementor.com
Software Record Last Updated	March 27, 2024

11 Vulnerabilities

Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-1364

Mar 26, 2024

Researcher: wesley (wcraft)

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag

6.4

CVE-2024-2781

Mar 26, 2024

Researcher: wesley (wcraft)

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2024-2121

Mar 26, 2024

Researcher: wesley (wcraft)

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation

5.4

CVE-2024-2120

Mar 26, 2024

Researcher: wesley (wcraft)

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload

6.4

CVE-2024-1521

Mar 26, 2024

Researcher: wesley (wcraft)

Elementor Pro <= 3.19.2 - Authenticated (Contributor+) Information Exposure

4.3

CVE-2024-23523

Feb 26, 2024

Researcher: Dynamic.ooo Team

Elementor Pro <= 3.13.0 - Missing Authorization

6.3

CVE-2023-35050

Jun 20, 2023

Researcher: Rafie Muhammad

Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option

8.8

CVE-2023-3124

Mar 28, 2023

Researcher: Jerome Bruandet

Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget

7.2

CVE-2020-26596

Oct 6, 2020

Researchers:

Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2020-13126

May 6, 2020

Researcher: Chloe Chamberland

Elementor Pro <= 2.0.9 - Cross-Site Scripting

6.1

CVE-2018-18379

Oct 26, 2018

Researcher: Christopher Vella

Title	CVE ID	CVSS	Researchers	Date
Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting	CVE-2024-1364	6.4	wesley (wcraft)	March 26, 2024
Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag	CVE-2024-2781	6.4	wesley (wcraft)	March 26, 2024
Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-2121	5.4	wesley (wcraft)	March 26, 2024
Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation	CVE-2024-2120	5.4	wesley (wcraft)	March 26, 2024
Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload	CVE-2024-1521	6.4	wesley (wcraft)	March 26, 2024
Elementor Pro <= 3.19.2 - Authenticated (Contributor+) Information Exposure	CVE-2024-23523	4.3	Dynamic.ooo Team	February 26, 2024
Elementor Pro <= 3.13.0 - Missing Authorization	CVE-2023-35050	6.3	Rafie Muhammad	June 20, 2023
Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option	CVE-2023-3124	8.8	Jerome Bruandet	March 28, 2023
Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget	CVE-2020-26596	7.2		October 6, 2020
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2020-13126	9.9	Chloe Chamberland	May 6, 2020
Elementor Pro <= 2.0.9 - Cross-Site Scripting	CVE-2018-18379	6.1	Christopher Vella	October 26, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.