Is "Elementor Page Builder" safe?

Elementor Page Builder: Plugin Details

---

Type:	Plugin
Author:	Elementor.com
URL:	https://wordpress.org/plugins/elementor/
Latest Version:	3.18.0

 

Elementor Page Builder: Security Information

---

Insecure versions:	Up To 3.16.4
Known since:	2023-11-28 21:30:06

Insecure versions:	Up To 3.16.4
Known since:	2023-11-24 13:49:10

Insecure versions:	Up To 3.5.4
Known since:	2023-07-20 02:00:21

Insecure versions:	Up To 3.13.1
Known since:	2023-05-13 02:00:21

Insecure versions:	Up To 3.13.1
Known since:	2023-05-12 03:07:21
Description:	The plugin does not check user capabilities on several functions, allowing authenticated attackers with a low amount of privilege (such as Subscribers) to perform actions that should only be available to users with higher privileges.

Insecure versions:	Up To 3.12.1
Known since:	2023-05-03 02:00:44

Insecure versions:	Up To 3.5.5
Known since:	2022-06-14 08:41:19

Insecure versions:	Versions 3.6.0 - 3.6.2
Known since:	2022-04-14 06:42:57

Insecure versions:	Up To 3.1.3
Known since:	2021-10-21 19:05:57

Insecure versions:	Up To 3.1.1
Known since:	2021-03-18 10:40:24
Description:	The Elementor plugin prior to version 3.1.2 has multiple Authenticated Cross-Site Scripting vulnerabilities due to lack of input sanitization.

Insecure versions:	Up To 3.0.13
Known since:	2021-01-08 13:15:31

Insecure versions:	Up To 2.9.13
Known since:	2020-08-31 16:16:58
Description:	This version of the plugin is vulnerable to a stored XSS attack from authenticated attackers.

Insecure versions:	Up To 2.9.9
Known since:	2020-06-10 18:55:37
Description:	An author user can create custom links containing XSS payloads or apply custom attributes to widgets which could result in remote code execution in victims' browsers.

Insecure versions:	Up To 2.7.4
Known since:	2020-05-13 14:21:50
Description:	Due to the application not handling zip files with directories properly an attacker could upload php files which were executable, this allowed any user able to import templates (WordPress role “Contributor” or above) to execute commands on the underlying server.

Insecure versions:	Up To 2.9.7
Known since:	2020-05-06 21:50:54
Description:	Versions prior to 2.9.8 are prone to a broken access control vulnerability that could lead to stored XSS attacks via SVG image upload.

Insecure versions:	Up To 2.9.5
Known since:	2020-04-01 13:19:35
Description:	The Elementor WordPress plugin could allow an authenticated user to enable Safe Mode. This could allow the user to then disable plugins, which could include security plugins, which would weaken the overall security of the site.

Insecure versions:	Up To 2.8.4
Known since:	2020-02-02 07:22:48

Insecure versions:	Up To 2.7.5
Known since:	2020-02-02 07:22:35

Insecure versions:	Up To 2.7.5
Known since:	2020-02-02 07:22:35

 

Elementor Page Builder: Safety Recommendations

---

We have rated Elementor Page Builder as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of Elementor Page Builder.

Elementor Page Builder: Keeping Safe

---

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

• Automated Backups
  Full backup of your entire site with unlimited storage space.
• Restores & Migrations
  Restore or migrate your site from a backup with one click.
• Security Scanning
  Regular, automated scans of your site for malware, threats, and hacks.
• Expert Support
  Fast, priority support for any WordPress security issue.

Choose Your Plan