Elementor vulnerabilities - every known CVE across the builder and its add-ons
Elementor's widget and template system pulls in a large third-party add-on ecosystem, which is where most disclosed CVEs originate rather than the core builder.
elementor security
Every published CVE affecting elementor
This list contains every CVE that names elementor as an affected product. Records come from the official CVE feeds maintained by MITRE and NIST. Each record includes a CVSS severity score, the affected version range, and a link to the full NVD entry. New records usually appear here within minutes of publication.
Third-party plugins, extensions, and add-ons built on top of elementor are included alongside the core product. In most CMS ecosystems, the majority of CVEs come from the extension layer rather than the core application itself. Searching by component name is just as important as searching by platform name.
Understanding CVSS scores
Severity ratings explained
Every CVE has a CVSS 3.x score from 0 to 10. The score is based on how the vulnerability can be reached (over the network or locally), how complex the exploit is, what access an attacker needs beforehand, whether a victim has to do something first, and the impact on confidentiality, integrity, and availability if the attack succeeds.
Search by component name, vendor, or keyword to filter this list. Click any CVE ID to see the full record. If your installed version falls within the affected range, update immediately or check the vendor's security advisory.
| CVE ID | Severity | CVSS | Title | Published |
|---|---|---|---|---|
| CVE-2026-13402 | — | — | Jul 17, 2026 today | |
| CVE-2026-61976 | medium | 5.3/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57804 | high | 7.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57718 | high | 7.1/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57376 | high | 7.1/10 | Jul 13, 2026 4d ago | |
| CVE-2026-15338 | high | 7.5/10 | Jul 11, 2026 6d ago | |
| CVE-2026-13710 | medium | 6.4/10 | Jul 10, 2026 7d ago | |
| CVE-2026-15299 | medium | 6.4/10 | Jul 10, 2026 7d ago | |
| CVE-2026-15285 | medium | 6.4/10 | Jul 10, 2026 7d ago | |
| CVE-2026-15284 | medium | 6.4/10 | Jul 10, 2026 7d ago | |
| CVE-2026-10570 | medium | 6.4/10 | Jul 8, 2026 9d ago | |
| CVE-2026-11328 | medium | 6.4/10 | Jul 7, 2026 10d ago | |
| CVE-2026-59511 | medium | 5.3/10 | Jul 5, 2026 11d ago | |
| CVE-2026-9145 | medium | 6.5/10 | Jul 2, 2026 15d ago | |
| CVE-2026-11600 | medium | 4.3/10 | Jul 2, 2026 15d ago | |
| CVE-2026-11380 | medium | 6.4/10 | Jul 1, 2026 16d ago | |
| CVE-2026-49765 | critical | 9.8/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-49109 | critical | 9.8/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-49105 | critical | 9.8/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-49104 | critical | 9.8/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-49085 | critical | 9.8/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-48870 | medium | 6.5/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-45437 | high | 7.1/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-25440 | medium | 5.3/10 | Jun 15, 2026 1mo ago | |
| CVE-2026-9691 | critical | 9.8/10 | Jun 15, 2026 1mo ago | |
| CVE-2023-25969 | medium | 5.4/10 | Jun 11, 2026 1mo ago | |
| CVE-2026-8613 | medium | 6.4/10 | Jun 10, 2026 1mo ago | |
| CVE-2025-8444 | medium | 6.4/10 | Jun 10, 2026 1mo ago | |
| CVE-2026-8677 | medium | 6.4/10 | Jun 9, 2026 1mo ago | |
| CVE-2026-11603 | medium | 6.1/10 | Jun 9, 2026 1mo ago |