| CVE-2024-37945 | WordPress WPBITS Addons For Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | wpbits | WPBITS Addons For Elementor Page Builder | Medium | 6.5 | 2025-08-14 17:15:51 | Deep Dive |
| CVE-2025-54704 | WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability | hashthemes | Easy Elementor Addons | Medium | 6.5 | 2025-08-14 10:34:58 | Deep Dive |
| CVE-2025-7384 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Critical | 9.8 | 2025-08-13 04:22:57 | Deep Dive |
| CVE-2025-8874 | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2025-08-12 06:42:41 | Deep Dive |
| CVE-2025-6253 | UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read | uicore | UiCore Elements – Free widgets and templates for Elementor | High | 7.5 | 2025-08-12 05:27:10 | Deep Dive |
| CVE-2025-8081 | Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import | elemntor | Elementor Website Builder – more than just a page builder | Medium | 4.9 | 2025-08-12 05:27:09 | Deep Dive |
| CVE-2025-8462 | RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | risetheme | RT Easy Builder – Advanced addons for Elementor | Medium | 6.4 | 2025-08-12 02:24:46 | Deep Dive |
| CVE-2025-7498 | Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown | timstrifler | Exclusive Addons for Elementor | Medium | 6.4 | 2025-08-06 03:41:00 | Deep Dive |
| CVE-2025-8100 | Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2025-08-06 03:40:59 | Deep Dive |
| CVE-2025-8488 | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | brainstormforce | Ultimate Addons for Elementor | Medium | 4.3 | 2025-08-02 09:23:32 | Deep Dive |
| CVE-2025-8212 | Medical Addon for Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget | nicheaddons | Medical Addon for Elementor | Medium | 6.4 | 2025-08-02 07:24:22 | Deep Dive |
| CVE-2025-8146 | Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget | qodeinteractive | Qi Addons For Elementor | Medium | 6.4 | 2025-08-02 04:24:12 | Deep Dive |
| CVE-2025-6228 | Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2025-08-01 11:18:56 | Deep Dive |
| CVE-2025-7646 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-08-01 06:44:32 | Deep Dive |
| CVE-2025-7845 | Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets | jetmonsters | Stratum Widgets for Elementor | Medium | 6.4 | 2025-08-01 04:24:30 | Deep Dive |
| CVE-2025-8401 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 4.3 | 2025-07-31 11:19:13 | Deep Dive |
| CVE-2025-8068 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 4.3 | 2025-07-31 11:19:13 | Deep Dive |
| CVE-2025-8151 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 4.3 | 2025-07-31 11:19:12 | Deep Dive |
| CVE-2025-5684 | MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2025-07-29 19:42:34 | Deep Dive |
| CVE-2025-8196 | Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | nalam-1 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | Medium | 6.4 | 2025-07-29 09:23:46 | Deep Dive |