| CVE-2025-14732 | Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2026-04-08 01:24:43 | Deep Dive |
| CVE-2025-13368 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2026-04-04 07:42:00 | Deep Dive |
| CVE-2026-0664 | Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-04 07:41:58 | Deep Dive |
| CVE-2026-2600 | ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 6.4 | 2026-04-04 07:41:58 | Deep Dive |
| CVE-2026-2949 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2026-04-04 02:26:21 | Deep Dive |
| CVE-2025-13535 | King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets | kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | Medium | 6.4 | 2026-04-01 14:37:34 | Deep Dive |
| CVE-2026-3831 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Medium | 4.3 | 2026-04-01 01:24:21 | Deep Dive |
| CVE-2026-1206 | Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | elemntor | Elementor Website Builder – more than just a page builder | Medium | 4.3 | 2026-03-26 05:29:33 | Deep Dive |
| CVE-2026-32532 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | ThemeHunk | Contact Form & Lead Form Elementor Builder | 中危 | - | 2026-03-25 16:15:10 | Deep Dive |
| CVE-2026-32527 | WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability | CRM Perks | WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | 中危 | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-25430 | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability | CRM Perks | Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 6.5 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-25398 | WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability | Webilia Inc. | Vertex Addons for Elementor | Medium | 6.5 | 2026-03-25 16:14:48 | Deep Dive |
| CVE-2026-25007 | WordPress ElementInvader Addons for Elementor plugin <= 1.4.2 - SQL Injection vulnerability | Element Invader | ElementInvader Addons for Elementor | High | 8.5 | 2026-03-25 16:14:37 | Deep Dive |
| CVE-2025-13997 | King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure | kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | Medium | 5.3 | 2026-03-23 06:41:08 | Deep Dive |
| CVE-2025-6229 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2026-03-23 06:41:07 | Deep Dive |
| CVE-2026-1397 | PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes | peacefulqode | PQ Addons – Creative Elementor Widgets | Medium | 6.4 | 2026-03-21 03:27:10 | Deep Dive |
| CVE-2026-2373 | Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 5.3 | 2026-03-17 03:36:25 | Deep Dive |
| CVE-2026-1870 | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure | thimpress | Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor | Medium | 5.3 | 2026-03-14 13:24:42 | Deep Dive |
| CVE-2026-32462 | WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | Liton Arefin | Master Addons for Elementor | 中危 | - | 2026-03-13 11:42:24 | Deep Dive |
| CVE-2026-32445 | WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability | Elementor | Elementor Website Builder | 中危 | - | 2026-03-13 11:42:20 | Deep Dive |