| CVE-2024-4788 | Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page/Post Creation | duongancol | Boostify Header Footer Builder for Elementor | Medium | 4.3 | 2024-06-06 02:02:51 | Deep Dive |
| CVE-2024-35674 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Medium | 4.3 | 2024-06-05 16:19:34 | Deep Dive |
| CVE-2024-5571 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-06-05 08:33:16 | Deep Dive |
| CVE-2024-5006 | Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter | duongancol | Boostify Header Footer Builder for Elementor | Medium | 6.4 | 2024-06-05 07:34:53 | Deep Dive |
| CVE-2024-30525 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability | moveaddons | Move Addons for Elementor | Medium | 5.3 | 2024-06-04 19:24:43 | Deep Dive |
| CVE-2024-30484 | WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability | - | RT Easy Builder – Advanced addons for Elementor | Medium | 4.3 | 2024-06-04 19:08:24 | Deep Dive |
| CVE-2024-35666 | WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | Themesflat | Themesflat Addons For Elementor | Medium | 6.5 | 2024-06-04 13:53:00 | Deep Dive |
| CVE-2024-35782 | WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | Codeless | Cowidgets – Elementor Addons | Medium | 6.5 | 2024-06-04 13:46:24 | Deep Dive |
| CVE-2024-34384 | WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability | SinaExtra | Sina Extension for Elementor | Medium | 6.5 | 2024-06-04 13:17:11 | Deep Dive |
| CVE-2024-33541 | WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability | BetterAddons | Better Elementor Addons | Medium | 6.5 | 2024-06-04 13:04:16 | Deep Dive |
| CVE-2023-33930 | WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Critical | 9.1 | 2024-06-04 07:08:04 | Deep Dive |
| CVE-2024-4697 | Cowidgets – Elementor Addons <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter | codelessthemes | Cowidgets – Elementor Addons | Medium | 6.4 | 2024-06-04 05:32:16 | Deep Dive |
| CVE-2024-34789 | WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability | WP Hait | Post Grid Elementor Addon | Medium | 6.5 | 2024-06-03 10:58:28 | Deep Dive |
| CVE-2024-34791 | WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | wpbean | WPB Elementor Addons | Medium | 6.5 | 2024-06-03 10:55:52 | Deep Dive |
| CVE-2024-5348 | Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes | nicdark | Elements For Elementor | High | 8.8 | 2024-06-01 08:38:57 | Deep Dive |
| CVE-2024-4087 | Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2024-06-01 05:38:11 | Deep Dive |
| CVE-2024-4342 | Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2024-06-01 05:38:10 | Deep Dive |
| CVE-2024-5041 | Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-05-31 09:31:41 | Deep Dive |
| CVE-2024-5347 | Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-05-31 09:31:39 | Deep Dive |
| CVE-2024-4376 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-05-31 05:31:58 | Deep Dive |