| CVE-2025-9978 | Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS | Unknown | Jeg Kit for Elementor | 中危 | - | 2025-10-24 06:00:10 | Deep Dive |
| CVE-2025-62019 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerability | WPZOOM | Recipe Card Blocks for Gutenberg & Elementor | Medium | 6.5 | 2025-10-22 14:32:49 | Deep Dive |
| CVE-2025-59007 | WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability | themesflat | TF Woo Product Grid Addon For Elementor | Critical | 9.8 | 2025-10-22 14:32:37 | Deep Dive |
| CVE-2025-49939 | WordPress JetElements For Elementor plugin <= 2.7.8 - Cross Site Scripting (XSS) vulnerability | Crocoblock | JetElements For Elementor | Medium | 6.5 | 2025-10-22 14:32:17 | Deep Dive |
| CVE-2025-49934 | WordPress JetBlocks For Elementor plugin <= 1.3.18 - Cross Site Scripting (XSS) vulnerability | Crocoblock | JetBlocks For Elementor | Medium | 6.5 | 2025-10-22 14:32:16 | Deep Dive |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.0 | 2025-10-20 21:23:48 | Deep Dive |
| CVE-2025-9698 | The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS | Unknown | The Plus Addons for Elementor | - | - | 2025-10-13 06:00:07 | Deep Dive |
| CVE-2025-9703 | Ultimate Addons for Elementor Lite < 2.5.0 - Author+ Stored XSS | Unknown | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) | - | - | 2025-10-06 06:00:05 | Deep Dive |
| CVE-2025-9029 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function | posimyththemes | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder | Medium | 4.3 | 2025-10-04 02:24:38 | Deep Dive |
| CVE-2025-9204 | X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field | pencilwp | X Addons for Elementor | Medium | 6.4 | 2025-10-03 11:17:22 | Deep Dive |
| CVE-2025-9077 | Ultra Addons Lite for Elementor <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field | ultrapressorg | Ultra Addons Lite for Elementor | Medium | 6.4 | 2025-10-03 11:17:12 | Deep Dive |
| CVE-2025-9045 | Easy Elementor Addons <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | hashthemes | Easy Elementor Addons – Addons Pack for Elementor Page Builder | Medium | 6.4 | 2025-10-03 11:17:07 | Deep Dive |
| CVE-2025-8214 | The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget | webangon | The Pack Elementor addon | Medium | 6.4 | 2025-09-30 03:35:33 | Deep Dive |
| CVE-2025-8608 | Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins | mihdan | Maps from Yandex for Elementor | Medium | 6.4 | 2025-09-30 03:35:32 | Deep Dive |
| CVE-2025-60167 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Sensitive Data Exposure Vulnerability | honzat | Page Manager for Elementor | Medium | 4.3 | 2025-09-26 08:32:04 | Deep Dive |
| CVE-2025-60112 | WordPress aThemes Addons for Elementor Plugin <= 1.1.2 - Cross Site Scripting (XSS) Vulnerability | Syed Balkhi | aThemes Addons for Elementor | Medium | 6.5 | 2025-09-26 08:31:30 | Deep Dive |
| CVE-2025-60096 | WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability | CodexThemes | TheGem (Elementor) | Medium | 5.4 | 2025-09-26 08:31:19 | Deep Dive |
| CVE-2025-10173 | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update | roxnor | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution | Low | 2.7 | 2025-09-26 03:25:34 | Deep Dive |
| CVE-2025-8200 | Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget | kraftplugins | Mega Elements – Addons for Elementor | Medium | 6.4 | 2025-09-26 01:47:27 | Deep Dive |
| CVE-2025-58973 | WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability | hashthemes | Easy Elementor Addons | High | 7.5 | 2025-09-22 18:26:09 | Deep Dive |