| CVE-2024-13699 | Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | qodeinteractive | Qi Addons For Elementor | Medium | 6.4 | 2025-02-04 12:22:21 | Deep Dive |
| CVE-2024-12046 | Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | nicheaddons | Medical Addon for Elementor | Medium | 4.3 | 2025-02-04 07:21:01 | Deep Dive |
| CVE-2024-12597 | HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2025-02-04 06:41:53 | Deep Dive |
| CVE-2025-22701 | WordPress Traveler Layout Essential For Elementor plugin < 1.4 - Server Side Request Forgery (SSRF) vulnerability | shinetheme | Traveler Layout Essential For Elementor | Medium | 5.4 | 2025-02-03 14:23:53 | Deep Dive |
| CVE-2025-24569 | WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.5 - Arbitrary File Read vulnerability | RedefiningTheWeb | PDF Generator Addon for Elementor Page Builder | High | 7.5 | 2025-02-03 14:22:47 | Deep Dive |
| CVE-2024-11829 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-02-01 06:41:52 | Deep Dive |
| CVE-2024-12620 | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update | creativeinteractivemedia | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations | Medium | 5.3 | 2025-02-01 03:21:12 | Deep Dive |
| CVE-2024-13547 | aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | smub | aThemes Addons for Elementor | Medium | 6.4 | 2025-02-01 03:21:11 | Deep Dive |
| CVE-2024-13216 | HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor | devitemsllc | HT Event – WordPress Event Manager Plugin for Elementor | Medium | 4.3 | 2025-01-31 05:22:33 | Deep Dive |
| CVE-2024-10867 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | visualmodo | Borderless – Addons and Templates for Elementor | Medium | 5.4 | 2025-01-31 04:21:48 | Deep Dive |
| CVE-2024-8494 | Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | https://elementor.com/ | Elementor Website Builder Pro | Medium | 4.3 | 2025-01-30 13:42:05 | Deep Dive |
| CVE-2024-11600 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution | visualmodo | Borderless – Addons and Templates for Elementor | High | 7.2 | 2025-01-30 13:41:59 | Deep Dive |
| CVE-2024-11583 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion | visualmodo | Borderless – Addons and Templates for Elementor | Medium | 4.3 | 2025-01-30 13:41:55 | Deep Dive |
| CVE-2024-13694 | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function | moreconvert | MoreConvert Wishlist for WooCommerce | High | 7.5 | 2025-01-30 08:21:26 | Deep Dive |
| CVE-2024-13642 | Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget | jetmonsters | Stratum Widgets for Elementor | Medium | 6.4 | 2025-01-30 06:41:09 | Deep Dive |
| CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | CRM Perks | WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.1 | 2025-01-27 14:22:18 | Deep Dive |
| CVE-2025-24584 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | 4.3 | 2025-01-27 13:59:49 | Deep Dive |
| CVE-2024-13548 | Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | dotrex | Power Ups for Elementor | Medium | 6.4 | 2025-01-25 07:24:15 | Deep Dive |
| CVE-2025-24729 | WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | Element Invader | ElementInvader Addons for Elementor | Medium | 6.5 | 2025-01-24 17:25:19 | Deep Dive |
| CVE-2025-24725 | WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability | ThimPress | Thim Elementor Kit | Medium | 4.3 | 2025-01-24 17:25:16 | Deep Dive |