| CVE-2025-32216 | WordPress Spider Elements – Addons for Elementor plugin <= 1.6.6 - Broken Access Control vulnerability | Spider Themes | Spider Elements | Medium | 6.4 | 2025-04-10 08:09:46 | Deep Dive |
| CVE-2025-32182 | WordPress Spider Elements – Addons for Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) vulnerability | Spider Themes | Spider Elements | Medium | 6.5 | 2025-04-04 15:58:57 | Deep Dive |
| CVE-2025-1663 | Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-04-03 07:21:23 | Deep Dive |
| CVE-2025-31740 | WordPress News, Magazine and Blog Elements Plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability | aThemeArt | News, Magazine and Blog Elements | Medium | 6.5 | 2025-04-01 14:51:06 | Deep Dive |
| CVE-2024-13734 | Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget | techeshta | Card Elements for Elementor | Medium | 6.4 | 2025-02-27 09:21:48 | Deep Dive |
| CVE-2024-13155 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-02-20 07:33:37 | Deep Dive |
| CVE-2024-56000 | WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability | SeventhQueen | K Elements | 超危 | - | 2025-02-18 19:54:28 | Deep Dive |
| CVE-2025-21162 | Photoshop Elements | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) | Adobe | Photoshop Elements | Medium | 5.5 | 2025-02-11 17:35:13 | Deep Dive |
| CVE-2024-10867 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | visualmodo | Borderless – Addons and Templates for Elementor | Medium | 5.4 | 2025-01-31 04:21:48 | Deep Dive |
| CVE-2024-11600 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.0 - Authenticated (Administrator+) Remote Code Execution | visualmodo | Borderless – Addons and Templates for Elementor | High | 7.2 | 2025-01-30 13:41:59 | Deep Dive |
| CVE-2024-11583 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion | visualmodo | Borderless – Addons and Templates for Elementor | Medium | 4.3 | 2025-01-30 13:41:55 | Deep Dive |
| CVE-2024-13215 | Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 4.3 | 2025-01-15 12:44:27 | Deep Dive |
| CVE-2024-13153 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-01-09 08:24:24 | Deep Dive |
| CVE-2025-22296 | WordPress Hash Elements plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | hashthemes | Hash Elements | Medium | 6.5 | 2025-01-07 16:56:30 | Deep Dive |
| CVE-2024-56275 | WordPress Envato Elements plugin <= 2.0.14 - Server Side Request Forgery (SSRF) vulnerability | Envato | Envato Elements | Medium | 4.1 | 2025-01-07 10:49:26 | Deep Dive |
| CVE-2024-12140 | Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure | aiwp | Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements | Medium | 4.3 | 2025-01-07 04:22:18 | Deep Dive |
| CVE-2024-11095 | Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | visualmodo | Visualmodo Elements | Medium | 6.4 | 2024-12-14 04:23:42 | Deep Dive |
| CVE-2024-10784 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-12-12 06:46:32 | Deep Dive |
| CVE-2023-51362 | WordPress myStickyElements plugin <= 2.1.3 - Broken Access Control vulnerability | Premio | My Sticky Elements | 中危 | - | 2024-12-09 11:29:47 | Deep Dive |
| CVE-2024-53709 | WordPress Generic Elements plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | Nasir Uddin | Generic Elements | Medium | 6.5 | 2024-12-02 13:48:50 | Deep Dive |