| CVE-2025-63042 | WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | Themeum | Tutor LMS Elementor Addons | Medium | 6.5 | 2025-12-09 14:52:31 | Deep Dive |
| CVE-2025-63044 | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 6.5 | 2025-12-09 14:52:31 | Deep Dive |
| CVE-2025-63033 | WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability | Riyadh Ahmed | Make Section & Column Clickable For Elementor | Medium | 5.9 | 2025-12-09 14:52:30 | Deep Dive |
| CVE-2025-67594 | WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability | ThimPress | Thim Elementor Kit | Medium | 4.3 | 2025-12-09 14:14:18 | Deep Dive |
| CVE-2025-67588 | WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability | Elementor | Elementor Website Builder | Medium | 4.3 | 2025-12-09 14:14:17 | Deep Dive |
| CVE-2025-67540 | WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability | Wealcoder | Animation Addons for Elementor | Medium | 6.5 | 2025-12-09 14:14:05 | Deep Dive |
| CVE-2025-67524 | WordPress Jobmonster Elementor Addon plugin <= 1.1.4 - Local File Inclusion vulnerability | NooTheme | Jobmonster Elementor Addon | High | 7.5 | 2025-12-09 14:14:00 | Deep Dive |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-13065 | Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass | brainstormforce | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | High | 8.8 | 2025-12-06 09:25:58 | Deep Dive |
| CVE-2025-12358 | ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation | roxnor | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution | Medium | 4.3 | 2025-12-03 12:29:56 | Deep Dive |
| CVE-2025-13692 | Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | unitecms | Unlimited Elements for Elementor (Premium) | High | 7.2 | 2025-11-27 13:53:13 | Deep Dive |
| CVE-2025-12964 | Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget | nalam-1 | Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder | Medium | 6.4 | 2025-11-21 09:27:01 | Deep Dive |
| CVE-2025-13141 | HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2025-11-21 08:28:14 | Deep Dive |
| CVE-2025-5092 | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library | lightgalleryteam | LightGallery WP | Medium | 6.4 | 2025-11-20 06:38:42 | Deep Dive |
| CVE-2025-12778 | Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure | userelements | Ultimate Member Widgets for Elementor – WordPress User Directory | Medium | 5.3 | 2025-11-20 04:37:14 | Deep Dive |
| CVE-2025-6251 | Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-11-19 03:29:40 | Deep Dive |
| CVE-2025-13196 | Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2025-11-18 09:27:36 | Deep Dive |
| CVE-2025-64274 | WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability | wpkoithemes | WPKoi Templates for Elementor | Medium | 4.3 | 2025-11-13 09:24:31 | Deep Dive |
| CVE-2025-11997 | Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure | ngothoai | Document Pro Elementor – Documentation & Knowledge Base | Medium | 5.3 | 2025-11-11 03:30:40 | Deep Dive |
| CVE-2025-12837 | aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget | smub | aThemes Addons for Elementor | Medium | 6.4 | 2025-11-08 09:28:11 | Deep Dive |