Elementor Website Builder allows hackers to inject malicious code on websites

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Elementor Website Builder allows hackers to inject malicious code on websites

CVE-2024-50555

Summary

A security issue in Elementor Website Builder allows hackers to inject malicious code into websites built with the tool. This could lead to unauthorized actions being performed on a website, such as stealing user data or displaying unwanted content. To protect your website, update Elementor Website Builder to the latest version.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor We...

Original description

nvd CVSS3.1 6.5

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/elementor/vulnerability/wordpre...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026