| CVE-2024-29911 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Cross Site Scripting (XSS) vulnerability | Jewel Theme | Master Addons for Elementor | Medium | 6.5 | 2024-03-27 06:59:55 | Deep Dive |
| CVE-2024-1521 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-03-27 06:40:51 | Deep Dive |
| CVE-2024-2120 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation | https://elementor.com/ | Elementor Website Builder Pro | Medium | 5.4 | 2024-03-27 06:40:50 | Deep Dive |
| CVE-2024-2121 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 5.4 | 2024-03-27 06:40:50 | Deep Dive |
| CVE-2024-2781 | Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-03-27 06:40:49 | Deep Dive |
| CVE-2024-1364 | Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-03-27 06:40:47 | Deep Dive |
| CVE-2024-2139 | Master Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2024-03-27 01:56:47 | Deep Dive |
| CVE-2024-2203 | The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Clients Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-03-27 01:56:47 | Deep Dive |
| CVE-2024-2210 | The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-03-27 01:56:46 | Deep Dive |
| CVE-2023-48777📌💣 | WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability EPSS 0.89 | Elementor.com | Elementor Website Builder | Critical | 9.9 | 2024-03-26 20:49:39 | Deep Dive |
| CVE-2023-52214 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability | voidCoders | Void Contact Form 7 Widget For Elementor Page Builder | Medium | 4.3 | 2024-03-26 12:37:57 | Deep Dive |
| CVE-2024-30232 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability | Exclusive Addons | Exclusive Addons Elementor | Medium | 6.5 | 2024-03-26 12:01:59 | Deep Dive |
| CVE-2023-32237 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes | CodexThemes | TheGem (Elementor) | Medium | 5.4 | 2024-03-26 08:53:37 | Deep Dive |
| CVE-2024-24840 | WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability | BdThemes | Element Pack Elementor Addons | Medium | 4.3 | 2024-03-23 14:45:02 | Deep Dive |
| CVE-2024-2468 | EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-23 02:32:56 | Deep Dive |
| CVE-2024-2688 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 5.4 | 2024-03-23 02:32:56 | Deep Dive |
| CVE-2024-2131 | Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | moveaddons | Move Addons for Elementor | Medium | 6.4 | 2024-03-23 01:57:40 | Deep Dive |
| CVE-2024-24883 | WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability | BdThemes | Prime Slider – Addons For Elementor | Medium | 4.3 | 2024-03-21 17:55:39 | Deep Dive |
| CVE-2024-2129 | WPBITS Addons For Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpbits | WPBITS Addons For Elementor Page Builder | Medium | 6.4 | 2024-03-20 06:48:23 | Deep Dive |
| CVE-2024-29101 | WordPress Jeg Elementor Kit plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability | Jegtheme | Jeg Elementor Kit | Medium | 6.5 | 2024-03-19 15:50:53 | Deep Dive |