cleantalk
Vulnerabilities and Security Researches

Elementor Website Builder – More than Just a Page Builder, CVE-2025-8081

CVE, Research URL

CVE-2025-8081

Home page URL

Security reports for Elementor Website Builder – More than Just a Page Builder

Application

Elementor Website Builder – More than Just a Page Builder

Published on
Aug 12, 2025
Research Description
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
Min -, max 3.30.3.
Status
vulnerable
Previous vulnerability researches
WP Private Content Plus (CVE-2019-15816) , Jun 10, 2024
WP Private Content Plus (CVE-2024-0680) , Jun 10, 2024
WP Private Content Plus (CVE-2025-4390) , Aug 12, 2025
WP Private Content Plus (CVE-2021-4342) , Jun 10, 2024
WP Private Content Plus (CVE-2021-4385) , Jun 10, 2024
New vulnerability
Elementor Website Builder – More than Just a Page Builder (CVE-2025-8081) , Aug 14, 2025
Easy restaurant menu manager (CVE-2025-8491) , Aug 14, 2025
Project Cost Calculator (CVE-2025-52775) , Aug 14, 2025
String locator , Aug 13, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025