Vulnerabilities and security researches fortheme-builder-for-elementor theme-builder-for-elementor

Nov 23, 2024

CVE, Research URL: CVE-2024-10782
Home page URL: Security reports for Theme Builder For Elementor
Application: Theme Builder For Elementor
Date: Nov 21, 2024
Research Description: The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
Affected versions: Min -, max -.
Status: vulnerable

Jul 18, 2025

CVE, Research URL: CVE-2025-54033
Home page URL: Security reports for Theme Builder For Elementor
Application: Theme Builder For Elementor
Date: Jul 16, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elementor: from n/a through 1.2.3.
Affected versions: Min -, max -.
Status: vulnerable