| CVE-2024-1429 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-04-18 04:32:59 | Deep Dive |
| CVE-2024-3333📌 | Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-04-17 11:34:23 | Deep Dive |
| CVE-2024-32505 | WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability | Roxnor | ElementsKit Elementor addons Lite | Medium | 6.5 | 2024-04-17 09:54:18 | Deep Dive |
| CVE-2024-32508 | WordPress DethemeKit For Elementor plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | deTheme | DethemeKit For Elementor | Medium | 6.5 | 2024-04-17 09:53:06 | Deep Dive |
| CVE-2024-32515 | WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability | Qamar Sheeraz, Nasir Ahmad | Mega Addons For Elementor | Medium | 5.4 | 2024-04-17 07:41:51 | Deep Dive |
| CVE-2024-32557 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Cross Site Scripting (XSS) vulnerability | Exclusive Addons | Exclusive Addons Elementor | Medium | 6.5 | 2024-04-16 06:39:27 | Deep Dive |
| CVE-2024-31289 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability | Elementor | Hello Elementor | Medium | 4.3 | 2024-04-12 12:36:40 | Deep Dive |
| CVE-2024-2137 | All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets | shamsbd71 | All-in-One Addons for Elementor – WidgetKit | Medium | 6.4 | 2024-04-12 02:33:16 | Deep Dive |
| CVE-2024-2966 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.3 | 2024-04-11 07:31:36 | Deep Dive |
| CVE-2024-31278 | WordPress Premium Addons for Elementor plugin <= 4.10.22 - Sensitive Data Exposure vulnerability | Leap13 | Premium Addons for Elementor | Medium | 4.3 | 2024-04-10 15:36:28 | Deep Dive |
| CVE-2024-2655 | Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-10 05:32:23 | Deep Dive |
| CVE-2024-2539 | Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-10 05:32:22 | Deep Dive |
| CVE-2024-2666 | Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 5.4 | 2024-04-10 03:31:20 | Deep Dive |
| CVE-2024-2664 | Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-04-10 03:09:46 | Deep Dive |
| CVE-2024-2665 | Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-04-10 03:09:46 | Deep Dive |
| CVE-2024-2138 | JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget | jetmonsters | JetWidgets For Elementor | Medium | 6.4 | 2024-04-09 18:59:35 | Deep Dive |
| CVE-2024-1498 | Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-04-09 18:59:33 | Deep Dive |
| CVE-2024-2787 | Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-04-09 18:59:31 | Deep Dive |
| CVE-2024-1458 | Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-09 18:59:29 | Deep Dive |
| CVE-2024-2792 | Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 6.4 | 2024-04-09 18:59:28 | Deep Dive |