Is "Elementor Page Builder" safe?
WordPress Plugin security and safety information.
Rating: Good (current version safe)
Recommendations
Elementor Page Builder: Plugin Details
| Type: | Plugin |
| Author: | Elementor.com |
| URL: | https://wordpress.org/plugins/elementor/ |
| Latest Version: | 3.27.6 |
Elementor Page Builder: Security Information
| Insecure versions: | Up To 3.25.9 |
| Known since: | 2025-02-20 14:19:38 |
| Insecure versions: | Up To 3.25.7 |
| Known since: | 2025-01-13 07:51:53 |
| Insecure versions: | Up To 3.24.5 |
| Known since: | 2024-10-15 02:00:34 |
| Insecure versions: | Up To 3.23.4 |
| Known since: | 2024-09-12 02:00:52 |
| Insecure versions: | Up To 3.22.1 |
| Known since: | 2024-07-04 02:00:52 |
| Insecure versions: | Up To 3.21.5 |
| Known since: | 2024-07-03 15:35:29 |
| Insecure versions: | Up To 3.20.2 |
| Known since: | 2024-03-28 02:01:50 |
| Insecure versions: | Up To 3.19.0-beta6 |
| Known since: | 2024-02-10 02:01:38 |
| Insecure versions: | Up To 3.19.0 |
| Known since: | 2024-02-10 02:01:37 |
| Insecure versions: | Up To 3.18.1 |
| Known since: | 2023-12-09 02:00:25 |
| Insecure versions: | Up To 3.16.4 |
| Known since: | 2023-11-28 21:30:06 |
| Insecure versions: | Up To 3.16.4 |
| Known since: | 2023-11-24 13:49:10 |
| Insecure versions: | Up To 3.5.4 |
| Known since: | 2023-07-20 02:00:21 |
| Insecure versions: | Up To 3.13.1 |
| Known since: | 2023-05-13 02:00:21 |
| Insecure versions: | Up To 3.13.1 |
| Known since: | 2023-05-12 03:07:21 |
| Description: | The plugin does not check user capabilities on several functions, allowing authenticated attackers with a low amount of privilege (such as Subscribers) to perform actions that should only be available to users with higher privileges. |
| Insecure versions: | Up To 3.12.1 |
| Known since: | 2023-05-03 02:00:44 |
| Insecure versions: | Up To 3.5.5 |
| Known since: | 2022-06-14 08:41:19 |
| Insecure versions: | Versions 3.6.0 - 3.6.2 |
| Known since: | 2022-04-14 06:42:57 |
| Insecure versions: | Up To 3.1.3 |
| Known since: | 2021-10-21 19:05:57 |
| Insecure versions: | Up To 3.1.1 |
| Known since: | 2021-03-18 10:40:24 |
| Description: | The Elementor plugin prior to version 3.1.2 has multiple Authenticated Cross-Site Scripting vulnerabilities due to lack of input sanitization. |
| Insecure versions: | Up To 3.0.13 |
| Known since: | 2021-01-08 13:15:31 |
| Insecure versions: | Up To 2.9.13 |
| Known since: | 2020-08-31 16:16:58 |
| Description: | This version of the plugin is vulnerable to a stored XSS attack from authenticated attackers. |
| Insecure versions: | Up To 2.9.9 |
| Known since: | 2020-06-10 18:55:37 |
| Description: | An author user can create custom links containing XSS payloads or apply custom attributes to widgets which could result in remote code execution in victims' browsers. |
| Insecure versions: | Up To 2.7.4 |
| Known since: | 2020-05-13 14:21:50 |
| Description: | Due to the application not handling zip files with directories properly an attacker could upload php files which were executable, this allowed any user able to import templates (WordPress role “Contributor” or above) to execute commands on the underlying server. |
| Insecure versions: | Up To 2.9.7 |
| Known since: | 2020-05-06 21:50:54 |
| Description: | Versions prior to 2.9.8 are prone to a broken access control vulnerability that could lead to stored XSS attacks via SVG image upload. |
| Insecure versions: | Up To 2.9.5 |
| Known since: | 2020-04-01 13:19:35 |
| Description: | The Elementor WordPress plugin could allow an authenticated user to enable Safe Mode. This could allow the user to then disable plugins, which could include security plugins, which would weaken the overall security of the site. |
| Insecure versions: | Up To 2.8.4 |
| Known since: | 2020-02-02 07:22:48 |
| Insecure versions: | Up To 2.7.5 |
| Known since: | 2020-02-02 07:22:35 |
| Insecure versions: | Up To 2.7.5 |
| Known since: | 2020-02-02 07:22:35 |
Elementor Page Builder: Safety Recommendations
We have rated Elementor Page Builder as Good (current version safe) which means that we have found vulnerabilities in older versions.
We recommend that you only use the latest version of Elementor Page Builder.
Elementor Page Builder: Staying Up-to-date
Make sure your installation of Elementor Page Builder is safe with the following free Jetpack services for WordPress sites:
- Updates & Management
Turn on auto-updates for Elementor Page Builder or manage in bulk. - Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.
Elementor Page Builder: Keeping Safe
If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
- Automated Backups
Full backup of your entire site with unlimited storage space. - Restores & Migrations
Restore or migrate your site from a backup with one click. - Security Scanning
Regular, automated scans of your site for malware, threats, and hacks. - Expert Support
Fast, priority support for any WordPress security issue.
About this information
This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.
If you have any questions, please do not hesitate to contact us.
Jetpack 