| CVE-2025-59553 | WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability | Coderz Studio | Custom iFrame for Elementor | Medium | 6.5 | 2025-09-22 18:26:05 | Deep Dive |
| CVE-2025-59592 | WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability | Fernando Acosta | Make Column Clickable Elementor | Medium | 6.5 | 2025-09-22 18:25:45 | Deep Dive |
| CVE-2025-57939 | WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability | Blocksera | Image Hover Effects – Elementor Addon | Medium | 5.3 | 2025-09-22 18:25:00 | Deep Dive |
| CVE-2025-57955 | WordPress Post Carousel Slider for Elementor Plugin <= 1.7.0 - Broken Access Control Vulnerability | Plugin Devs | Post Carousel Slider for Elementor | Medium | 6.5 | 2025-09-22 18:24:48 | Deep Dive |
| CVE-2025-57995 | WordPress DethemeKit For Elementor Plugin <= 2.1.10 - Broken Access Control Vulnerability | Detheme | DethemeKit For Elementor | Medium | 4.3 | 2025-09-22 18:24:19 | Deep Dive |
| CVE-2025-57999 | WordPress WPKoi Templates for Elementor Plugin <= 3.4.3 - Cross Site Scripting (XSS) Vulnerability | wpkoithemes | WPKoi Templates for Elementor | Medium | 6.5 | 2025-09-22 18:24:16 | Deep Dive |
| CVE-2025-58017 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | 6.5 | 2025-09-22 18:24:04 | Deep Dive |
| CVE-2025-58251 | WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability | POSIMYTH | Sticky Header Effects for Elementor | Medium | 4.3 | 2025-09-22 18:23:29 | Deep Dive |
| CVE-2025-58254 | WordPress StylePress for Elementor Plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | dtbaker | StylePress for Elementor | Medium | 6.5 | 2025-09-22 18:23:27 | Deep Dive |
| CVE-2025-9203 | Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields | bplugins | Media Player Addons for Elementor – Audio and Video Widgets for Elementor | Medium | 6.4 | 2025-09-17 06:17:48 | Deep Dive |
| CVE-2025-8481 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery | mdimran41 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid | Medium | 4.3 | 2025-09-11 07:24:58 | Deep Dive |
| CVE-2025-8215 | Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | cyberchimps | Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates | Medium | 6.4 | 2025-09-11 07:24:58 | Deep Dive |
| CVE-2025-8445 | Countdown Timer for Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label' | shaikhaezaz80 | Countdown Timer for Elementor | Medium | 6.4 | 2025-09-11 07:24:53 | Deep Dive |
| CVE-2025-8388 | PowerPack Lite for Elementor <= 2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Via 'cursor_url' | ideaboxcreations | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Medium | 6.4 | 2025-09-10 04:22:38 | Deep Dive |
| CVE-2025-8149 | aThemes Addons for Elementor Lite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | smub | aThemes Addons for Elementor | Medium | 6.4 | 2025-09-06 03:22:38 | Deep Dive |
| CVE-2025-8564 | SKT Addons for Elementor <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | sonalsinha21 | SKT Addons for Elementor | Medium | 6.4 | 2025-09-06 03:22:37 | Deep Dive |
| CVE-2025-8722 | Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets | pt-guy | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | Medium | 6.4 | 2025-09-06 03:22:35 | Deep Dive |
| CVE-2025-8360 | LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-09-06 02:24:17 | Deep Dive |
| CVE-2025-58816 | WordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control Vulnerability | Plugin Devs | Product Carousel Slider for Elementor | Low | 3.5 | 2025-09-05 13:45:16 | Deep Dive |
| CVE-2025-58796 | WordPress Elementor Element Condition Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability | dudaster | Elementor Element Condition | Medium | 6.5 | 2025-09-05 13:45:05 | Deep Dive |