| CVE-2024-8960 | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | codelessthemes | Cowidgets – Elementor Addons | Medium | 6.4 | 2024-11-09 02:32:04 | Deep Dive |
| CVE-2024-10325 | Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | brainstormforce | Ultimate Addons for Elementor | Medium | 6.4 | 2024-11-08 11:31:07 | Deep Dive |
| CVE-2024-8442 | Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-11-07 12:30:53 | Deep Dive |
| CVE-2024-6626 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization | cscode | EleForms – All In One Form Integration including DB for Elementor | Medium | 5.3 | 2024-11-06 06:43:32 | Deep Dive |
| CVE-2024-10329 | Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure | g5theme | Ultimate Bootstrap Elements for Elementor | Medium | 4.3 | 2024-11-05 13:55:29 | Deep Dive |
| CVE-2024-9867 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2024-11-05 11:32:22 | Deep Dive |
| CVE-2024-9657 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2024-11-05 11:32:21 | Deep Dive |
| CVE-2024-10319 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 4.3 | 2024-11-05 11:00:48 | Deep Dive |
| CVE-2024-51680 | WordPress Cresta Addons for Elementor plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability | CrestaProject | Cresta Addons for Elementor | Medium | 6.5 | 2024-11-04 14:14:25 | Deep Dive |
| CVE-2024-51682 | WordPress HT Builder – WordPress Theme Builder for Elementor plugin <= 1.3.0 - Stored Cross Site Scripting (XSS) vulnerability | HasThemes | HT Builder – WordPress Theme Builder for Elementor | Medium | 6.5 | 2024-11-04 14:12:40 | Deep Dive |
| CVE-2024-51683 | WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability | Michael | Custom post type templates for Elementor | Medium | 6.5 | 2024-11-04 14:11:51 | Deep Dive |
| CVE-2024-51685 | WordPress Accordion title for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability | Michael Gangolf | Accordion title for Elementor | Medium | 5.9 | 2024-11-04 14:10:59 | Deep Dive |
| CVE-2024-51665 | WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerability | Noor Alam | Magical Addons For Elementor | Medium | 4.9 | 2024-11-04 13:36:36 | Deep Dive |
| CVE-2024-9868 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2024-11-02 02:03:09 | Deep Dive |
| CVE-2024-10310 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-11-02 02:03:05 | Deep Dive |
| CVE-2024-48045 | WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability | HappyMonster | Happy Addons for Elementor | Medium | 4.3 | 2024-11-01 14:18:46 | Deep Dive |
| CVE-2024-37255 | WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability | Roxnor | ElementsKit Elementor addons Lite | Medium | 5.3 | 2024-11-01 14:18:29 | Deep Dive |
| CVE-2024-37269 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability | StylemixThemes | Masterstudy Elementor Widgets | Medium | 5.3 | 2024-11-01 14:18:28 | Deep Dive |
| CVE-2024-43293 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability | WPZOOM | Recipe Card Blocks for Gutenberg & Elementor | Medium | 4.3 | 2024-11-01 14:17:30 | Deep Dive |
| CVE-2024-43932 | WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability | POSIMYTH | The Plus Addons for Elementor Page Builder Lite | Medium | 6.5 | 2024-11-01 14:17:18 | Deep Dive |