| CVE-2025-24595 | WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | bPlugins | All Embed – Elementor Addons | Medium | 6.5 | 2025-01-24 17:24:28 | Deep Dive |
| CVE-2025-24578 | WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | Element Invader | ElementInvader Addons for Elementor | Medium | 6.5 | 2025-01-24 17:24:20 | Deep Dive |
| CVE-2024-10324 | RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | rometheme | RTMKit | Medium | 4.3 | 2025-01-24 13:40:58 | Deep Dive |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13354 | Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | cyberchimps | Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates | Medium | 6.4 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13335 | Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install | templatescoderthemes | Spexo Addons for Elementor – Elementor Widgets, Mega Menu, Popup Builder, Template Kits and Starter Templates for Elementor | Medium | 4.3 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13409 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2024-12043 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2025-01-23 11:13:27 | Deep Dive |
| CVE-2025-22758 | WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | Harnani | Elementor AI Addons | Medium | 6.5 | 2025-01-15 15:23:26 | Deep Dive |
| CVE-2025-22786 | WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability | Element Invader | ElementInvader Addons for Elementor | High | 7.5 | 2025-01-15 15:23:11 | Deep Dive |
| CVE-2024-13215 | Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 4.3 | 2025-01-15 12:44:27 | Deep Dive |
| CVE-2024-10775 | Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure | piotnetdotcom | Piotnet Addons For Elementor | Medium | 4.3 | 2025-01-15 09:25:54 | Deep Dive |
| CVE-2025-0393 | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.1 | 2025-01-14 08:23:14 | Deep Dive |
| CVE-2024-12116 | Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Disclosure | codepopular | Unlimited Theme Addon For Elementor | Medium | 4.3 | 2025-01-11 07:21:52 | Deep Dive |
| CVE-2024-11915 | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure | rrdevs | RRAddons for Elementor | Medium | 4.3 | 2025-01-11 07:21:51 | Deep Dive |
| CVE-2025-22806 | WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability | Modernaweb Studio | Black Widgets For Elementor | Medium | 6.5 | 2025-01-09 15:39:08 | Deep Dive |
| CVE-2025-22811 | WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability | Cristian Stan | MT Addons for Elementor | Medium | 6.5 | 2025-01-09 15:39:05 | Deep Dive |
| CVE-2025-22812 | WordPress News Ticker Widget for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | Aezaz Shaikh | News Ticker Widget for Elementor | Medium | 6.5 | 2025-01-09 15:39:05 | Deep Dive |
| CVE-2025-22818 | WordPress S3Player plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability | S3Bubble | S3Player – WooCommerce & Elementor Integration | Medium | 6.5 | 2025-01-09 15:39:01 | Deep Dive |
| CVE-2024-13153 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-01-09 08:24:24 | Deep Dive |