Elementor Page Builder
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Elementor Page Builder.
By the Year
In 2026 there have been 0 vulnerabilities in Elementor Page Builder. Last year, in 2025 Elementor Page Builder had 1 security vulnerability published. Right now, Elementor Page Builder is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.40 |
| 2024 | 1 | 7.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 5 | 5.68 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Elementor Page Builder vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Elementor Page Builder Security Vulnerabilities
Elementor WP Builder <3.29.0 Stored XSS via button_text
CVE-2025-3076
5.4 - Medium
- June 10, 2025
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button_text parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Elementor Page Builder PDF Generator Addon Path Traversal Vulnerability
CVE-2024-9935
7.5 - High
- November 16, 2024
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Directory traversal
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions
CVE-2020-20406
5.4 - Medium
- September 16, 2020
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
XSS
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature
CVE-2020-20634
6.5 - Medium
- August 21, 2020
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability
CVE-2020-13864
5.4 - Medium
- June 05, 2020
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
XSS
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities
CVE-2020-13865
5.4 - Medium
- June 05, 2020
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
XSS
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.
CVE-2020-7109
- January 22, 2020
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
CVE-2017-18596
- September 10, 2019
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Elementor Page Builder or by Elementor? Click the Watch button to subscribe.
