Website builder
This hub aggregates every CVE we track for Website builder, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
37
CVEs tracked
2
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM32HIGH3CRITICAL2
Monthly trend
1
0
1
1
1
1
1
2
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Website builder.
- CVE-2025-8081Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import4.9
- CVE-2025-3075Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-54444WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2024-13445Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-8494Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode4.3
- CVE-2024-10453Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings6.4
- CVE-2024-8236Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-6757Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function4.3
- CVE-2024-5416Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets5.4
- CVE-2024-37437WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability5.5
- CVE-2023-33922WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability4.3
- CVE-2024-4619Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting6.4
- CVE-2024-24934WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability8.5
- CVE-2024-4107Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting6.4
- CVE-2023-47504WordPress Elementor plugin <= 3.16.4 - Auth. Arbitrary Attachment Read vulnerability6.5
Product normalization is registry-driven with AI assist and human review. How it works