| CVE-2024-10050 | Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode | brainstormforce | Ultimate Addons for Elementor | Medium | 4.3 | 2024-10-24 08:32:22 | Deep Dive |
| CVE-2024-7247 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-08-13 05:30:55 | Deep Dive |
| CVE-2024-4359 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2024-08-09 04:29:50 | Deep Dive |
| CVE-2024-4360 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-08-09 04:29:49 | Deep Dive |
| CVE-2024-4643 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-08-02 09:29:44 | Deep Dive |
| CVE-2024-33933 | WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability | Brainstorm Force, Nikhil Chavan | Elementor – Header, Footer & Blocks Template | Medium | 6.5 | 2024-07-22 10:04:08 | Deep Dive |
| CVE-2024-5555 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-07-18 08:33:04 | Deep Dive |
| CVE-2024-5554 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-07-18 08:33:03 | Deep Dive |
| CVE-2024-4866 | UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | codersaiful | UltraAddons for Elementor | Medium | 6.4 | 2024-07-10 02:02:43 | Deep Dive |
| CVE-2024-4615 | Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget | elespare | EleSpare – News, Magazine and Blog Addons for Elementor | Medium | 6.4 | 2024-06-13 07:31:53 | Deep Dive |
| CVE-2024-5757 | Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget | brainstormforce | Ultimate Addons for Elementor | Medium | 6.4 | 2024-06-13 05:34:45 | Deep Dive |
| CVE-2024-3925 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-06-12 07:32:53 | Deep Dive |
| CVE-2024-5161 | Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting | nalam-1 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | Medium | 6.4 | 2024-06-06 03:53:11 | Deep Dive |
| CVE-2024-4788 | Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page/Post Creation | duongancol | Boostify Header Footer Builder for Elementor | Medium | 4.3 | 2024-06-06 02:02:51 | Deep Dive |
| CVE-2024-5006 | Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter | duongancol | Boostify Header Footer Builder for Elementor | Medium | 6.4 | 2024-06-05 07:34:53 | Deep Dive |
| CVE-2024-2618 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | Ultimate Addons for Elementor | Medium | 6.4 | 2024-05-24 04:29:58 | Deep Dive |
| CVE-2024-3926 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-05-22 14:32:39 | Deep Dive |
| CVE-2024-3927 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.3 | 2024-05-22 06:50:34 | Deep Dive |
| CVE-2024-2619 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML Injection | brainstormforce | Ultimate Addons for Elementor | Medium | 5.0 | 2024-05-16 20:31:04 | Deep Dive |
| CVE-2024-4634 | Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | Ultimate Addons for Elementor | Medium | 6.4 | 2024-05-16 11:05:30 | Deep Dive |