cleantalk
Vulnerabilities and Security Researches

Elementor Website Builder – More than Just a Page Builder, CVE-2025-8081

CVE, Research URL

CVE-2025-8081

Home page URL

Security reports for Elementor Website Builder – More than Just a Page Builder

Application

Elementor Website Builder – More than Just a Page Builder

Published on
Aug 12, 2025
Research Description
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
Min -, max 3.30.3.
Status
vulnerable
Previous vulnerability researches
myCred Elementor (CVE-2024-49702) , Oct 25, 2024
New vulnerability
OceanWP (CVE-2025-8891) , Aug 14, 2025
Premium Addons for KingComposer (CVE-2025-49036) , Aug 14, 2025
Elementor Website Builder – More than Just a Page Builder (CVE-2025-8081) , Aug 14, 2025
Easy restaurant menu manager (CVE-2025-8491) , Aug 14, 2025
Project Cost Calculator (CVE-2025-52775) , Aug 14, 2025