cleantalk
Vulnerabilities and Security Researches

Elementor Website Builder – More than Just a Page Builder, CVE-2025-8081

CVE, Research URL

CVE-2025-8081

Home page URL

Security reports for Elementor Website Builder – More than Just a Page Builder

Application

Elementor Website Builder – More than Just a Page Builder

Published on
Aug 12, 2025
Research Description
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
Min -, max 3.30.3.
Status
vulnerable
Previous vulnerability researches
Blogger Buzz (CVE-2025-54680) , Aug 02, 2025
Blogger Buzz (115f6bdb0e5c21979d308193f82caf8fb7388640) , Jun 11, 2024
Blogger Buzz (CVE-2023-30476) , Jun 10, 2024
New vulnerability
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-54025) , Aug 14, 2025
RT Easy Builder – Advanced addons for Elementor (CVE-2025-8462) , Aug 14, 2025
Database for Contact Form 7, WPforms, Elementor forms (CVE-2025-7384) , Aug 14, 2025
Eventer (CVE-2025-39483) , Aug 14, 2025
Simple Local Avatars (CVE-2025-8482) , Aug 14, 2025