cleantalk
Vulnerabilities and Security Researches

Elementor Website Builder – More than Just a Page Builder, CVE-2020-13865

CVE, Research URL

CVE-2020-13865

Home page URL

Security reports for Elementor Website Builder – More than Just a Page Builder

Application

Elementor Website Builder – More than Just a Page Builder

Published on
Jun 06, 2020
Research Description
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
Affected versions
Min -, max 2.9.10.
Status
vulnerable
Previous vulnerability researches
Hello Elementor (CVE-2024-31289) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-43292) , Aug 20, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-0766) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-35167) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-50447) , Oct 27, 2024
New vulnerability
Featured Image Plus (CVE-2025-4431) , Jun 10, 2025
Products per Page for WooCommerce (CVE-2025-47504) , Jun 10, 2025
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025