| CVE-2025-48131 | WordPress UltraAddons Elementor Lite plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | Saiful Islam | UltraAddons Elementor Lite | Medium | 6.5 | 2025-05-16 15:45:13 | Deep Dive |
| CVE-2025-2944 | Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2025-05-10 05:32:16 | Deep Dive |
| CVE-2025-47644 | WordPress Integrations of Zoho CRM with Elementor form plugin <= 1.0.8 - Open Redirection Vulnerability | formsintegrations | Integrations of Zoho CRM with Elementor form | Medium | 4.7 | 2025-05-07 14:20:43 | Deep Dive |
| CVE-2025-47542 | WordPress Simple calendar for Elementor plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability | Michael | Simple calendar for Elementor | Medium | 4.3 | 2025-05-07 14:20:15 | Deep Dive |
| CVE-2025-47476 | WordPress Cost Calculator for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability | add-ons.org | Cost Calculator for Elementor | Medium | 6.5 | 2025-05-07 14:19:46 | Deep Dive |
| CVE-2025-39361 | WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability | WP Royal | Royal Elementor Addons | Medium | 6.5 | 2025-05-07 09:03:06 | Deep Dive |
| CVE-2024-12120 | Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 5.4 | 2025-05-07 07:21:41 | Deep Dive |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Medium | 4.3 | 2025-05-01 03:23:40 | Deep Dive |
| CVE-2025-1458 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-04-26 05:34:23 | Deep Dive |
| CVE-2024-13808 | Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution | WPXpro | Xpro Elementor Addons - Pro | High | 8.8 | 2025-04-26 04:22:37 | Deep Dive |
| CVE-2025-3775 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.5 | 2025-04-25 04:23:05 | Deep Dive |
| CVE-2025-46472 | WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability | webangon | The Pack Elementor addons | Medium | 6.5 | 2025-04-24 16:08:48 | Deep Dive |
| CVE-2025-46260 | WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | wowDevs | Sky Addons for Elementor | Medium | 6.5 | 2025-04-24 16:08:28 | Deep Dive |
| CVE-2025-1054 | UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | uicore | UiCore Elements – Free widgets and templates for Elementor | Medium | 6.4 | 2025-04-23 09:23:39 | Deep Dive |
| CVE-2025-46249 | WordPress Simple calendar for Elementor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability | Michael | Simple calendar for Elementor | Medium | 4.3 | 2025-04-22 09:53:32 | Deep Dive |
| CVE-2025-46225 | WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Michael | Post in page for Elementor | Medium | 6.5 | 2025-04-22 09:53:19 | Deep Dive |
| CVE-2025-3103 | CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read | LambertGroup | CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon | High | 7.5 | 2025-04-19 04:21:15 | Deep Dive |
| CVE-2025-1457 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-04-19 03:21:25 | Deep Dive |
| CVE-2025-3275 | Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | themesflat | Themesflat Addons For Elementor | Medium | 6.4 | 2025-04-19 03:21:24 | Deep Dive |
| CVE-2025-3106 | LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-04-18 09:21:49 | Deep Dive |