| CVE-2025-5938 | Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import | themebon | Digital Marketing and Agency Templates Addons for Elementor | Medium | 5.3 | 2025-06-13 01:47:51 | Deep Dive |
| CVE-2025-4774 | Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2025-06-10 11:22:52 | Deep Dive |
| CVE-2025-3076 | Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2025-06-10 04:23:10 | Deep Dive |
| CVE-2024-9993 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2025-06-07 11:17:51 | Deep Dive |
| CVE-2024-9994 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2025-06-07 11:17:50 | Deep Dive |
| CVE-2025-30948 | WordPress Layouts for Elementor plugin <= 1.11 - Cross Site Request Forgery (CSRF) Vulnerability | Giraphix Creative | Layouts for Elementor | Medium | 4.3 | 2025-06-06 12:54:13 | Deep Dive |
| CVE-2025-49262 | WordPress Sina Extension for Elementor plugin <= 3.6.1 - Cross Site Scripting (XSS) Vulnerability | shaonsina | Sina Extension for Elementor | High | 7.6 | 2025-06-06 12:53:38 | Deep Dive |
| CVE-2025-49076 | WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.2.7 - Cross Site Scripting (XSS) vulnerability | POSIMYTH | The Plus Addons for Elementor Page Builder Lite | Medium | 6.5 | 2025-06-06 11:36:40 | Deep Dive |
| CVE-2025-5340 | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter | smartwpress | Music Player for Elementor – Audio Player & Podcast Player | Medium | 6.4 | 2025-06-03 11:22:25 | Deep Dive |
| CVE-2025-5290 | Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | visualmodo | Borderless – Addons and Templates for Elementor | Medium | 6.4 | 2025-05-31 07:22:12 | Deep Dive |
| CVE-2025-3813 | Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-05-31 07:22:12 | Deep Dive |
| CVE-2025-5292 | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-05-31 06:40:57 | Deep Dive |
| CVE-2025-4944 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-05-30 11:15:10 | Deep Dive |
| CVE-2025-4943 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-05-30 06:42:49 | Deep Dive |
| CVE-2025-4659 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure | crmperks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 5.3 | 2025-05-30 05:23:20 | Deep Dive |
| CVE-2025-4783 | Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget | timstrifler | Exclusive Addons for Elementor | Medium | 6.4 | 2025-05-26 23:22:38 | Deep Dive |
| CVE-2025-31636 | WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability | SaurabhSharma | WP Post Modules for Elementor | High | 7.1 | 2025-05-23 12:44:04 | Deep Dive |
| CVE-2025-47492 | WordPress Drag and Drop File Upload for Elementor Forms plugin <= 1.4.3 - Arbitrary File Deletion Vulnerability | add-ons.org | Drag and Drop File Upload for Elementor Forms | High | 8.6 | 2025-05-23 12:43:35 | Deep Dive |
| CVE-2025-39447 | WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability | Crocoblock | JetElements For Elementor | High | 7.5 | 2025-05-19 18:51:32 | Deep Dive |
| CVE-2025-39451 | WordPress JetBlocks For Elementor plugin <= 1.3.16 - Broken Access Control Vulnerability | Crocoblock | JetBlocks For Elementor | High | 7.5 | 2025-05-19 18:48:49 | Deep Dive |