| CVE-2026-32429 | WordPress Magical Addons For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | Noor Alam | Magical Addons For Elementor | 中危 | - | 2026-03-13 11:42:18 | Deep Dive |
| CVE-2026-32430 | WordPress PowerPack Addons for Elementor plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability | IdeaBox Creations | PowerPack Addons for Elementor | 中危 | - | 2026-03-13 11:42:18 | Deep Dive |
| CVE-2026-32372 | WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability | RadiusTheme | ShopBuilder – Elementor WooCommerce Builder Addons | 中危 | - | 2026-03-13 11:42:07 | Deep Dive |
| CVE-2026-32352 | WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability | Elementor | Elementor Website Builder | 中危 | - | 2026-03-13 11:41:59 | Deep Dive |
| CVE-2026-2917 | Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter | thehappymonster | Happy Addons for Elementor | Medium | 5.4 | 2026-03-11 07:36:25 | Deep Dive |
| CVE-2026-2918 | Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2026-03-11 07:36:24 | Deep Dive |
| CVE-2025-13067 | Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | High | 8.8 | 2026-03-11 04:25:47 | Deep Dive |
| CVE-2026-2724 | Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields | unitecms | Unlimited Elements For Elementor | High | 7.2 | 2026-03-10 09:58:58 | Deep Dive |
| CVE-2026-2599 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Critical | 9.8 | 2026-03-05 12:26:06 | Deep Dive |
| CVE-2026-28135 | WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability | WP Royal | Royal Elementor Addons | 中危 | - | 2026-03-05 05:54:32 | Deep Dive |
| CVE-2026-27983 | WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability | designthemes | LMS Elementor Pro | Critical | 9.8 | 2026-03-05 05:54:03 | Deep Dive |
| CVE-2026-27376 | WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | JanStudio | Claue - Clean, Minimal Elementor WooCommerce Theme | High | 7.1 | 2026-03-05 05:53:57 | Deep Dive |
| CVE-2026-3034 | OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls | sagarpatel124 | OoohBoi Steroids for Elementor | Medium | 6.4 | 2026-03-05 03:23:41 | Deep Dive |
| CVE-2026-2568 | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting | crmperks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.2 | 2026-03-03 09:24:12 | Deep Dive |
| CVE-2026-3132 | Master Addons for Elementor Premium <= 2.1.3 - Authenticated (Subscriber+) Remote Code Execution via render_preview | Jewel Theme | Master Addons for Elementor Premium | High | 8.8 | 2026-03-02 17:23:36 | Deep Dive |
| CVE-2025-14149 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2026-02-27 06:43:49 | Deep Dive |
| CVE-2026-28131 | WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability | WPVibes | Elementor Addon Elements | Medium | 6.5 | 2026-02-26 08:33:36 | Deep Dive |
| CVE-2026-23693 | ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint | Roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Critical | 10.0 | 2026-02-23 20:33:55 | Deep Dive |
| CVE-2026-2385 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 5.3 | 2026-02-22 08:24:45 | Deep Dive |
| CVE-2026-24956 | WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerability | Shahjada | Download Manager Addons for Elementor | Critical | 9.3 | 2026-02-20 15:47:09 | Deep Dive |