| CVE-2025-2108 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2025-03-20 06:54:57 | Deep Dive |
| CVE-2025-1526 | DethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | detheme | DethemeKit for Elementor | Medium | 6.4 | 2025-03-14 07:23:20 | Deep Dive |
| CVE-2025-1527 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2025-03-12 11:13:33 | Deep Dive |
| CVE-2024-13862 | S3Bubble Media Streaming <= 8.0 - Reflected XSS | Unknown | S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) | 高危 | - | 2025-03-11 06:00:12 | Deep Dive |
| CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets | rometheme | RTMKit | Medium | 4.3 | 2025-03-08 12:21:31 | Deep Dive |
| CVE-2024-13649 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2025-03-08 11:16:40 | Deep Dive |
| CVE-2025-1287 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-03-08 08:22:58 | Deep Dive |
| CVE-2024-10321 | All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | shamsbd71 | All-in-One Addons for Elementor – WidgetKit | Medium | 4.3 | 2025-03-08 08:22:56 | Deep Dive |
| CVE-2025-1261 | HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2025-03-08 01:44:27 | Deep Dive |
| CVE-2024-13827 | Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions | razorpay | Razorpay Subscription Button Elementor Plugin | Medium | 6.1 | 2025-03-05 08:21:56 | Deep Dive |
| CVE-2025-0433 | Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2025-03-04 08:23:43 | Deep Dive |
| CVE-2024-9618 | Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2025-03-04 08:23:42 | Deep Dive |
| CVE-2025-1639 | Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | crowdyTheme | Animation Addons for Elementor Pro | High | 8.8 | 2025-03-04 03:38:00 | Deep Dive |
| CVE-2024-13832 | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure | ultrapressorg | Ultra Addons Lite for Elementor | Medium | 4.3 | 2025-02-28 08:23:15 | Deep Dive |
| CVE-2025-1571 | Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets | timstrifler | Exclusive Addons for Elementor | Medium | 6.4 | 2025-02-28 07:03:47 | Deep Dive |
| CVE-2024-13217 | Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 4.3 | 2025-02-27 11:13:33 | Deep Dive |
| CVE-2024-13734 | Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget | techeshta | Card Elements for Elementor | Medium | 6.4 | 2025-02-27 09:21:48 | Deep Dive |
| CVE-2025-1295 | Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation | Templines | Templines Elementor Helper Core | High | 8.8 | 2025-02-27 05:23:05 | Deep Dive |
| CVE-2025-1517 | Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2025-02-26 08:21:57 | Deep Dive |
| CVE-2024-13113 | Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS | Unknown | Countdown Timer for Elementor | 中危 | - | 2025-02-26 06:00:08 | Deep Dive |