cleantalk
Vulnerabilities and Security Researches

Elementor Header & Footer Builder, CVE-2024-2619

CVE, Research URL

CVE-2024-2619

Home page URL

Security reports for Elementor Header & Footer Builder

Application

Elementor Header & Footer Builder

Published on
May 17, 2024
Research Description
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary HTML in pages that will be shown whenever a user accesses an injected page.
Affected versions
Min -, max 1.6.27.
Status
vulnerable
Previous vulnerability researches
Elementor Header & Footer Builder (CVE-2024-11230) , Dec 24, 2024
Elementor Header & Footer Builder (CVE-2024-10325) , Nov 09, 2024
Elementor Header & Footer Builder (CVE-2024-10050) , Oct 25, 2024
Elementor Header & Footer Builder (CVE-2025-8488) , Aug 02, 2025
Elementor Header & Footer Builder (CVE-2024-33933) , Jul 05, 2024
New vulnerability
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025