| CVE-2025-8068 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 4.3 | 2025-07-31 11:19:13 | Deep Dive |
| CVE-2025-8151 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 4.3 | 2025-07-31 11:19:12 | Deep Dive |
| CVE-2025-5684 | MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2025-07-29 19:42:34 | Deep Dive |
| CVE-2025-8196 | Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | nalam-1 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | Medium | 6.4 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-8216 | Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2025-07-29 09:23:45 | Deep Dive |
| CVE-2025-4566 | Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-07-29 04:23:46 | Deep Dive |
| CVE-2025-3075 | Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-07-29 04:23:45 | Deep Dive |
| CVE-2025-3614 | ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 6.4 | 2025-07-24 22:23:37 | Deep Dive |
| CVE-2025-7644 | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | Medium | 6.4 | 2025-07-22 04:25:08 | Deep Dive |
| CVE-2025-7697 | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:03 | Deep Dive |
| CVE-2025-7696 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:02 | Deep Dive |
| CVE-2025-48295 | WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability | hashthemes | Easy Elementor Addons | Medium | 6.5 | 2025-07-16 10:36:54 | Deep Dive |
| CVE-2025-54050 | WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability | CyberChimps | Responsive Addons for Elementor | Medium | 6.5 | 2025-07-16 10:36:52 | Deep Dive |
| CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability | blazethemes | News Kit Elementor Addons | Medium | 5.4 | 2025-07-16 10:36:49 | Deep Dive |
| CVE-2025-54033 | WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability | BlocksWP | Theme Builder For Elementor | Medium | 6.5 | 2025-07-16 10:36:47 | Deep Dive |
| CVE-2025-53989 | WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability | Crocoblock | JetBlocks For Elementor | Medium | 6.5 | 2025-07-16 10:36:37 | Deep Dive |
| CVE-2025-53982 | WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability | Crocoblock | JetElements For Elementor | Medium | 6.5 | 2025-07-16 10:36:10 | Deep Dive |
| CVE-2025-5284 | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2025-07-16 09:22:56 | Deep Dive |
| CVE-2025-7360 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7340📌 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.8 | 2025-07-15 04:23:42 | Deep Dive |