Is "Elementor Page Builder" safe?

WordPress Plugin security and safety information.

Rating: Good (current version safe)

Elementor Page Builder: Plugin Details


Type: Plugin
Author: Elementor.com
URL: https://wordpress.org/plugins/elementor/
Latest Version: 3.18.0

 

Elementor Page Builder: Security Information


Insecure versions: Up To 3.16.4
Known since: 2023-11-28 21:30:06


Insecure versions: Up To 3.16.4
Known since: 2023-11-24 13:49:10


Insecure versions: Up To 3.5.4
Known since: 2023-07-20 02:00:21


Insecure versions: Up To 3.13.1
Known since: 2023-05-13 02:00:21


Insecure versions: Up To 3.13.1
Known since: 2023-05-12 03:07:21
Description: The plugin does not check user capabilities on several functions, allowing authenticated attackers with a low amount of privilege (such as Subscribers) to perform actions that should only be available to users with higher privileges.


Insecure versions: Up To 3.12.1
Known since: 2023-05-03 02:00:44


Insecure versions: Up To 3.5.5
Known since: 2022-06-14 08:41:19


Insecure versions: Versions 3.6.0 - 3.6.2
Known since: 2022-04-14 06:42:57


Insecure versions: Up To 3.1.3
Known since: 2021-10-21 19:05:57


Insecure versions: Up To 3.1.1
Known since: 2021-03-18 10:40:24
Description: The Elementor plugin prior to version 3.1.2 has multiple Authenticated Cross-Site Scripting vulnerabilities due to lack of input sanitization.


Insecure versions: Up To 3.0.13
Known since: 2021-01-08 13:15:31


Insecure versions: Up To 2.9.13
Known since: 2020-08-31 16:16:58
Description: This version of the plugin is vulnerable to a stored XSS attack from authenticated attackers.


Insecure versions: Up To 2.9.9
Known since: 2020-06-10 18:55:37
Description: An author user can create custom links containing XSS payloads or apply custom attributes to widgets which could result in remote code execution in victims' browsers.


Insecure versions: Up To 2.7.4
Known since: 2020-05-13 14:21:50
Description: Because the application did not handle zip files containing directories properly, an attacker could upload executable PHP files. This allowed any user able to import templates (WordPress role “Contributor” or above) to execute commands on the underlying server.


Insecure versions: Up To 2.9.7
Known since: 2020-05-06 21:50:54
Description: Versions prior to 2.9.8 are prone to a broken access control vulnerability that could lead to stored XSS attacks via SVG image upload.


Insecure versions: Up To 2.9.5
Known since: 2020-04-01 13:19:35
Description: The Elementor WordPress plugin could allow an authenticated user to enable Safe Mode. This could allow the user to then disable plugins, which could include security plugins, which would weaken the overall security of the site.


Insecure versions: Up To 2.8.4
Known since: 2020-02-02 07:22:48


Insecure versions: Up To 2.7.5
Known since: 2020-02-02 07:22:35


Insecure versions: Up To 2.7.5
Known since: 2020-02-02 07:22:35


 

Elementor Page Builder: Safety Recommendations


We have rated Elementor Page Builder as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of Elementor Page Builder.

Elementor Page Builder: Staying Up-to-date


Make sure your installation of Elementor Page Builder is safe with the following free Jetpack services for WordPress sites:
  • Updates & Management
    Turn on auto-updates for Elementor Page Builder or manage in bulk.
  • Prevent Infiltrations
    Automatic protection against brute force attacks and secure sign on.

Elementor Page Builder: Keeping Safe


If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
  • Automated Backups
    Full backup of your entire site with unlimited storage space.
  • Restores & Migrations
    Restore or migrate your site from a backup with one click.
  • Security Scanning
    Regular, automated scans of your site for malware, threats, and hacks.
  • Expert Support
    Fast, priority support for any WordPress security issue.

About this information


This WordPress security information is part of our security library and is brought to you by Jetpack as part of our commitment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.