| CVE-2024-1326 | Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-03-12 23:33:52 | Deep Dive |
| CVE-2024-1421 | HT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-03-12 22:32:27 | Deep Dive |
| CVE-2024-1397 | HT Mega <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-03-12 22:32:26 | Deep Dive |
| CVE-2024-1802 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-07 20:33:26 | Deep Dive |
| CVE-2024-2128 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-07 19:32:59 | Deep Dive |
| CVE-2024-2136 | WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget | wpkoithemes | WPKoi Templates for Elementor | Medium | 6.4 | 2024-03-07 08:34:52 | Deep Dive |
| CVE-2024-1419 | The Plus Addons for Elementor <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-03-07 06:59:48 | Deep Dive |
| CVE-2024-1506 | Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-03-07 06:59:45 | Deep Dive |
| CVE-2024-1377 | Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-03-07 05:32:40 | Deep Dive |
| CVE-2024-1500 | Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 5.4 | 2024-03-07 05:32:40 | Deep Dive |
| CVE-2024-1366 | Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-03-07 05:32:39 | Deep Dive |
| CVE-2024-1398 | Ultimate Bootstrap Elements for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | g5theme | Ultimate Bootstrap Elements for Elementor | Medium | 6.4 | 2024-03-02 12:39:59 | Deep Dive |
| CVE-2023-51529 | WordPress HT Mega Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | HasThemes | HT Mega – Absolute Addons For Elementor | Medium | 4.3 | 2024-02-29 04:45:06 | Deep Dive |
| CVE-2024-0767 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation | envothemes | Envo's Templates & Widgets for Elementor and WooCommerce | Medium | 4.3 | 2024-02-28 08:33:13 | Deep Dive |
| CVE-2024-0766 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request | envothemes | Envo's Templates & Widgets for Elementor and WooCommerce | Medium | 4.3 | 2024-02-28 08:33:11 | Deep Dive |
| CVE-2024-0768 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation | envothemes | Envo's Templates & Widgets for Elementor and WooCommerce | Medium | 4.3 | 2024-02-28 08:33:09 | Deep Dive |
| CVE-2024-1698📌💣 | NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection EPSS 0.94 | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Critical | 9.8 | 2024-02-27 05:33:12 | Deep Dive |
| CVE-2024-24843 | WordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF) | PowerPack Addons for Elementor | PowerPack Pro for Elementor | High | 7.1 | 2024-02-21 07:07:56 | Deep Dive |
| CVE-2024-1171 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.4 | 2024-02-20 18:56:51 | Deep Dive |
| CVE-2024-1172 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.4 | 2024-02-20 18:56:50 | Deep Dive |