Elementor ↗
Elementor · CMS
13/100 Critical
Summary iPlain-English security verdict for Elementor, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Elementor currently scores 13/100 — critical. No tracked vulnerabilities are currently known to be exploited in the wild. Upgrade promptly to address the open critical vulnerabilities.
Disclosure trend iNew CVEs published for Elementor each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2022-1329 HIGH Unrestricted file upload EPSS 93% → see advisory CVE-2023-48777 CRITICAL Unrestricted file upload EPSS 89% → fixed in 3.18.2 CVE-2022-29455 MEDIUM Cross-site scripting (XSS) EPSS 58% → see advisory CVE-2020-7109 CRITICAL EPSS 1% → fixed in 2.8.4ℹ lifecycle unknown — needs latest supported version