Title: Veracode vulnerabilities in elementor plugin
Last modified: July 4, 2025

---

# Veracode vulnerabilities in elementor plugin

 *  Resolved [mullevamshi](https://wordpress.org/support/users/mullevamshi/)
 * (@mullevamshi)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/)
 * Hi Team,
 * We are having multiple veracode vulnerabilities in elementor plugin in latest
   version too. Please find below of some
 * CWE 73 External Control of File Name or Path
 * ![](https://wordpress.org/cb80cf6d-2049-4c41-8416-1e70f7f68489)
 * ![](https://wordpress.org/cdf812b8-2141-450d-b737-e183e7654dd4)
 * Thanks & Regards,
 * Vamshi Mulle

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [Milos](https://wordpress.org/support/users/miloss84/)
 * (@miloss84)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/#post-18540979)
 * Hi there,
 * Thanks for contacting us and hope you are doing well and having a great day.
 * To rule out the possibility of a plugin or theme conflict, please deactivate 
   all your plugins (besides Elementor ). If it solves the issue reactivate them
   one by one to find the culprit. If it didn’t help, switch your theme (temporarily)
   to a default WP theme such as Twenty Nineteen and see if it makes any difference.
 * Also, this could happen due to our Elementor performance experiments you can 
   try to deactivate them. To deactivate them you can go to Elementor > settings
   > features
 * Performance features currently in the experimental stage are:
    - Element Caching – Elements caching reduces loading times by serving up a copy
      of an element instead of rendering it fresh every time the page is loaded.
      When active, Elementor will determine which elements can benefit from static
      loading – but you can override this.
    - [Inline Font Icons](https://elementor.com/help/inline-font-awesome/) – This
      experiment renders icons as SVGs without loading the Font-Awesome and eicons
      libraries. Since SVGs are vector-based images which are rendered using the
      browser’s engine, they do not increase server requests which improves performance
 * I am looking forward to hearing back from you soon.
 * Kind regards,
 *  Thread Starter [mullevamshi](https://wordpress.org/support/users/mullevamshi/)
 * (@mullevamshi)
 * [10 months ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/#post-18567514)
 * Hi Milos,
   Thank you for explaining. I can see the performance features are already
   in deactivate state. PFB screenshot. and still we have those vulnerabilities.
   Please help
 * ![](https://wordpress.org/a028888f-bbca-4e20-9274-49b211770679)
 * 
   Regards,Vamshi Mulle
    -  This reply was modified 10 months ago by [mullevamshi](https://wordpress.org/support/users/mullevamshi/).
 *  Thread Starter [mullevamshi](https://wordpress.org/support/users/mullevamshi/)
 * (@mullevamshi)
 * [9 months, 4 weeks ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/#post-18573522)
 * Hi Milos,
   Please help.
 *  Thread Starter [mullevamshi](https://wordpress.org/support/users/mullevamshi/)
 * (@mullevamshi)
 * [9 months, 3 weeks ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/#post-18577285)
 * Hi Team,
   Please help resolving this.Thanks
 *  [Sergiov](https://wordpress.org/support/users/sve01/)
 * (@sve01)
 * [9 months, 2 weeks ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/#post-18588619)
 * I’m Sergio from the Elementor Support team.
 * Since this is a potential **security vulnerability** in Elementor, please note
   that it falls outside the scope of our standard support. However, we take these
   reports very seriously. You can submit the vulnerability by following the steps
   in our Bug Bounty Program:
 * 🔗 [https://elementor.com/bug-bounty-programs/](https://elementor.com/bug-bounty-programs/)
 * Thank you for choosing Elementor!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Veracode vulnerabilities in elementor plugin’ is closed to new replies.

 * ![](https://ps.w.org/elementor/assets/icon-256x256.gif?rev=3444228)
 * [Elementor Website Builder - more than just a page builder](https://wordpress.org/plugins/elementor/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/elementor/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/elementor/)
 * [Active Topics](https://wordpress.org/support/plugin/elementor/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/elementor/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/elementor/reviews/)

 * 7 replies
 * 3 participants
 * Last reply from: [Sergiov](https://wordpress.org/support/users/sve01/)
 * Last activity: [9 months, 2 weeks ago](https://wordpress.org/support/topic/veracode-vulnerabilities-in-elementor-plugin/#post-18588619)
 * Status: resolved