| CVE-2023-34012 | WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS) | Premium Addons for Elementor | Premium Addons PRO | High | 7.1 | 2023-06-23 11:24:52 | Deep Dive |
| CVE-2023-3295 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2023-06-17 01:48:18 | Deep Dive |
| CVE-2023-0692 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:37 | Deep Dive |
| CVE-2023-0721 | Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.3 | 2023-06-09 05:33:34 | Deep Dive |
| CVE-2023-1169 | OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload | sagarpatel124 | OoohBoi Steroids for Elementor | Medium | 4.3 | 2023-06-09 05:33:32 | Deep Dive |
| CVE-2023-1807 | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget | staxwp | Stax Addons for Elementor | Medium | 4.3 | 2023-06-09 05:33:32 | Deep Dive |
| CVE-2023-0708 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:28 | Deep Dive |
| CVE-2023-2189 | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget | staxwp | Stax Addons for Elementor | Medium | 4.3 | 2023-06-09 05:33:25 | Deep Dive |
| CVE-2023-0691 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0710 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.9 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0688 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:23 | Deep Dive |
| CVE-2023-1843 | Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:19 | Deep Dive |
| CVE-2023-0709 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:14 | Deep Dive |
| CVE-2023-0693 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:13 | Deep Dive |
| CVE-2023-0694 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-0695 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2022-4950 | Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation | narinder-singh | The Events Calendar Events Notification Bar Addon | High | 8.8 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2023-3124📌 | Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option EPSS 0.26 | https://elementor.com/ | Elementor Website Builder Pro | High | 8.8 | 2023-06-07 01:51:21 | Deep Dive |
| CVE-2020-36703 | Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2023-06-07 01:51:17 | Deep Dive |
| CVE-2023-0443 | AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure | Unknown | AnyWhere Elementor | 中危 | - | 2023-05-30 07:49:19 | Deep Dive |