cleantalk
Vulnerabilities and Security Researches

Elementor Website Builder – More than Just a Page Builder, CVE-2026-32352

CVE, Research URL

CVE-2026-32352

Home page URL

Security reports for Elementor Website Builder – More than Just a Page Builder

Application

Elementor Website Builder – More than Just a Page Builder

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
Affected versions
max 3.35.5.
Status
vulnerable
Previous vulnerability researches
Lunar &#8211; Sell photos online (CVE-2025-28936) , Mar 13, 2025
New vulnerability
Elementor Website Builder – More than Just a Page Builder (CVE-2026-32445) , Mar 29, 2026
Elementor Website Builder – More than Just a Page Builder (CVE-2026-32352) , Mar 29, 2026
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) (CVE-2025-14799) , Mar 29, 2026
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2026-27072) , Mar 29, 2026
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-28039) , Mar 29, 2026