Medium 6.4
2026-05-01< 4.0.5
CVE-2026-6127
Elementor Website Builder – more than just a page builder
Minimum safe version
4.0.5
Update to 4.0.5 or later to address 60 fixable vulnerabilities
Latest available4.0.7 ✓Affected up to3.6.2 ⚠
Medium 6.4
2026-04-08< 3.35.6
CVE-2025-14732
N/A
2026-03-25< 3.35.8
Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template
Medium 6.5
2026-03-13< 3.35.6
CVE-2026-32352
Low 2.7
2026-03-13< 3.35.6
CVE-2026-32445
Medium 6.4
2025-12-16< 3.33.4
CVE-2025-11220
Medium 4.3
2025-12-09< 3.33.1
CVE-2025-67588
Medium 4.9
2025-08-12< 3.30.3
Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import
Medium 6.4
2025-07-29< 3.29.1
Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Medium 6.4
2025-07-29< 3.30.3
Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget
Medium 6.5
2026-02-20< 3.29.1
CVE-2024-50555
Medium 6.5
2025-02-25< 3.25.11
CVE-2024-54444
Medium 6.4
2025-02-20< 3.27.5
CVE-2024-13445
Medium 6.4
2024-12-23< 3.25.10
WordPress Elementor Website Builder Plugin <= 3.25.9 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-11-26< 3.25.8
CVE-2024-8236
Medium 4.3
2024-10-15< 3.24.6
CVE-2024-6757
Medium 5.4
2024-09-11< 3.24.0
CVE-2024-5416
Medium 5.5
2024-07-09< 3.22.2
CVE-2024-37437
Medium 5.4
2024-05-21< 3.22.0-beta2
CVE-2024-4619
Medium 5.4
2024-04-09< 3.20.3
CVE-2024-2117
High 8.5
2024-05-17< 3.19.1
CVE-2024-24934
Medium 5.4
2024-02-20< 3.19.0
CVE-2024-0506
Critical 9.9
2024-03-26< 3.18.2
CVE-2023-48777
Medium 6.5
2024-04-24< 3.16.5
CVE-2023-47504
Medium 6.5
2023-11-30< 3.16.5
CVE-2023-47505
N/A
< 3.13.2
Elementor Website Builder < 3.13.2 - Missing Authorization
Medium 6.1
2023-08-14< 3.5.5
CVE-2022-4953
Medium 6.4
2023-06-07< 2.9.8
CVE-2020-36703
High 7.2
2023-05-30< 3.12.2
CVE-2023-0329
Medium 4.3
2024-06-11< 3.13.3
CVE-2023-33922
N/A
2023-05-12< 3.13.2
WordPress Elementor Website Builder Plugin <= 3.13.1 is vulnerable to Broken Access Control
N/A
2023-05-12< 3.13.2
Elementor <= 3.13.1 - Missing Authorization to Settings Update
N/A
2023-04-24< 3.12.2
WordPress Elementor Website Builder Plugin <= 3.12.1 is vulnerable to SQL Injection
N/A
2023-04-24< 3.12.2
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'
N/A
< 2.7.7
Elementor Page Builder < 2.7.6 - Authenticated Stored XSS
N/A
< 2.9.8
Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS
Critical 9.9
2020-04-22< 2.7.5
CVE-2020-7055
N/A
2020-01-29< 2.7.6
Elementor Website Builder <= 2.7.5 - Stored Cross-Site Scripting
N/A
2020-04-21< 2.9.8
Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting
Medium 4.7
2022-06-13< 3.5.6
CVE-2022-29455
N/A
2017-12-02< 1.8.8
WordPress Elementor Page Builder <=1.8.7 - Potential Privilege Escalation vulnerability
N/A
2017-12-02< 1.8.0
WordPress Elementor Page Builder <=1.7.12 - Authenticated Unrestricted Editing vulnerability
N/A
2020-01-29< 2.7.6
WordPress Elementor Page Builder plugin <= 2.7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
N/A
2021-03-17< 3.1.4
WordPress Elementor Website Builder plugin <= 3.1.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
High 8.8
2022-04-19≥ 3.6.0 and ≤ 3.6.2
CVE-2022-1329
High 8.8
2019-09-10< 1.8.0
CVE-2017-18596
Critical 9.8
2020-01-22< 2.8.4
CVE-2020-7109
Medium 5.4
2020-01-30< 2.8.5
WordPress Elementor Page Builder plugin <= 2.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Medium 5.4
2020-06-05< 2.9.10
CVE-2020-13865
Medium 5.4
2020-06-05< 2.9.9
CVE-2020-13864
Medium 6.5
2020-08-21< 2.9.6
CVE-2020-20634
Medium 5.4
2020-09-02< 2.9.14
WordPress Elementor Website Builder plugin <= 2.9.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Medium 5.4
2020-09-16< 2.9.3
CVE-2020-20406
Medium 6.1
2021-01-06< 3.0.14
CVE-2020-36171
Medium 5.4
2021-04-05< 3.1.4
CVE-2021-24201
Medium 5.4
2021-04-05< 3.1.4
CVE-2021-24206
Medium 5.4
2021-04-05< 3.1.4
CVE-2021-24205
Medium 5.4
2021-04-05< 3.1.4
CVE-2021-24204
Medium 5.4
2021-04-05< 3.1.4
CVE-2021-24203
Medium 5.4
2021-04-05< 3.1.4
CVE-2021-24202
Medium 6.1
2025-10-03< 3.6.3
CVE-2021-24891