| CVE-2025-3106 | LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-04-18 09:21:49 | Deep Dive |
| CVE-2024-13650 | Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting | piotnetdotcom | Piotnet Addons For Elementor | Medium | 6.4 | 2025-04-18 01:44:11 | Deep Dive |
| CVE-2025-24752 | WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability | WPDeveloper | Essential Addons for Elementor | High | 7.1 | 2025-04-17 15:48:11 | Deep Dive |
| CVE-2025-39588 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Critical | 9.8 | 2025-04-17 15:46:44 | Deep Dive |
| CVE-2025-39543 | WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability | WP Royal | Royal Elementor Addons | Medium | 6.5 | 2025-04-16 12:44:41 | Deep Dive |
| CVE-2025-39546 | WordPress ElementsReady Addons for Elementor plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) Vulnerability | quomodosoft | ElementsReady Addons for Elementor | Medium | 4.3 | 2025-04-16 12:44:39 | Deep Dive |
| CVE-2025-39589 | WordPress Essential Addons for Elementor plugin <= 6.1.9 - Sensitive Data Exposure Vulnerability | WPDeveloper | Essential Addons for Elementor | Medium | 4.3 | 2025-04-16 12:44:22 | Deep Dive |
| CVE-2025-39590 | WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability | WPDeveloper | Essential Addons for Elementor | Medium | 6.5 | 2025-04-16 12:44:21 | Deep Dive |
| CVE-2025-26990 | WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability | WP Royal | Royal Elementor Addons | Medium | 4.4 | 2025-04-15 11:59:07 | Deep Dive |
| CVE-2025-26745 | WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability | RSTheme | RS Elements Elementor Addon | Medium | 6.5 | 2025-04-15 11:59:05 | Deep Dive |
| CVE-2025-2225 | Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag' | cyberchimps | Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates | Medium | 6.4 | 2025-04-15 05:23:28 | Deep Dive |
| CVE-2025-1456 | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-04-12 08:22:41 | Deep Dive |
| CVE-2025-1455 | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-04-12 08:22:40 | Deep Dive |
| CVE-2025-32672 | WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion Vulnerability | g5theme | Ultimate Bootstrap Elements for Elementor | High | 8.1 | 2025-04-11 08:43:03 | Deep Dive |
| CVE-2025-32260 | WordPress DethemeKit For Elementor plugin <= 2.1.10 - Broken Access Control vulnerability | Detheme | DethemeKit For Elementor | Medium | 5.3 | 2025-04-10 08:09:48 | Deep Dive |
| CVE-2025-32158 | WordPress aThemes Addons for Elementor plugin <= 1.1.3 - Local File Inclusion vulnerability | Syed Balkhi | aThemes Addons for Elementor | High | 7.5 | 2025-04-10 08:09:43 | Deep Dive |
| CVE-2025-32640 | WordPress One Click Accessibility plugin <= 3.1.0 - Cross-Site Scripting (XSS) vulnerability | Elementor | Ally | Medium | 5.9 | 2025-04-09 16:09:24 | Deep Dive |
| CVE-2025-32641 | WordPress Anant Addons for Elementor plugin <= 1.1.8 - CSRF to Arbitrary Plugin Installation vulnerability | anantaddons | Anant Addons for Elementor | Critical | 9.6 | 2025-04-09 16:09:23 | Deep Dive |
| CVE-2025-32269 | WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | CRM Perks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Medium | 4.3 | 2025-04-04 15:59:43 | Deep Dive |
| CVE-2025-32264 | WordPress UltraAddons – Elementor Addons plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability | Saiful Islam | UltraAddons Elementor Lite | Medium | 4.3 | 2025-04-04 15:59:40 | Deep Dive |