Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

elementor

Source -

ADPNVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

5

CISA CVEs -

0

NVD CVEs -

53
Related CVEsRelated ProductsRelated AssignersReports
55Vulnerabilities found
CVE-2020-7055
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:02
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-8426
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.45% / 62.70%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 22:26
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.

Action-Not Available
Vendor-elementorn/a
Product-website_buildern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-7109
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.32%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 16:08
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.

Action-Not Available
Vendor-elementorn/a
Product-website_buildern/a
CVE-2018-18379
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 11:28
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18596
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.94%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 10:55
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • Next