| CVE-2024-2923 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget | nalam-1 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | Medium | 6.4 | 2024-05-09 20:03:32 | Deep Dive |
| CVE-2024-4339 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-05-09 20:03:31 | Deep Dive |
| CVE-2024-3831 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget | themelooks | Enter Addons – Ultimate Template Builder for Elementor | Medium | 6.4 | 2024-05-09 20:03:29 | Deep Dive |
| CVE-2024-1166 | Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget | blocksera | Image Hover Effects – Elementor Addon | Medium | 6.4 | 2024-05-09 20:03:25 | Deep Dive |
| CVE-2024-4316 | EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-05-09 20:03:23 | Deep Dive |
| CVE-2023-6327 | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 5.3 | 2024-05-09 20:03:22 | Deep Dive |
| CVE-2024-3680 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag | themelooks | Enter Addons – Ultimate Template Builder for Elementor | Medium | 6.4 | 2024-05-09 20:03:22 | Deep Dive |
| CVE-2024-4107 | Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-05-09 20:03:19 | Deep Dive |
| CVE-2024-3989 | HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-05-09 20:03:18 | Deep Dive |
| CVE-2024-4606 | WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability | BdThemes | Ultimate Store Kit Elementor Addons | Medium | 5.4 | 2024-05-09 11:59:19 | Deep Dive |
| CVE-2024-34415 | WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | ThimPress | Thim Elementor Kit | Medium | 6.5 | 2024-05-09 11:34:52 | Deep Dive |
| CVE-2024-34432 | WordPress Better Elementor Addons plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability | BetterAddons | Better Elementor Addons | Medium | 6.5 | 2024-05-09 11:06:53 | Deep Dive |
| CVE-2024-34436 | WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | SKT Themes | SKT Addons for Elementor | Medium | 6.5 | 2024-05-09 11:05:34 | Deep Dive |
| CVE-2024-34445 | WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | SKT Themes | SKT Addons for Elementor | Medium | 6.5 | 2024-05-09 11:00:34 | Deep Dive |
| CVE-2024-24833 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability | HappyMonster | Happy Addons for Elementor | Medium | 4.3 | 2024-05-08 13:28:22 | Deep Dive |
| CVE-2024-34547 | WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability | Noor alam | Magical Addons For Elementor | Medium | 6.5 | 2024-05-08 11:31:10 | Deep Dive |
| CVE-2024-34562 | WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | Moveaddons | Move Addons for Elementor | Medium | 6.5 | 2024-05-08 11:08:15 | Deep Dive |
| CVE-2024-34563 | WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | GoldAddons | Gold Addons for Elementor | Medium | 6.5 | 2024-05-08 11:06:30 | Deep Dive |
| CVE-2024-34570 | WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 5.9 | 2024-05-08 10:37:23 | Deep Dive |
| CVE-2024-34572 | WordPress Fancy Elementor Flipbox plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability | ThemePrix | Fancy Elementor Flipbox | Medium | 6.5 | 2024-05-08 09:12:07 | Deep Dive |