| CVE-2026-22350 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | Medium | 6.5 | 2026-02-20 15:47:01 | Deep Dive |
| CVE-2025-69382 | WordPress Themesflat Elementor plugin <= 1.0.1 - PHP Object Injection vulnerability | themesflat | Themesflat Elementor | Critical | 9.8 | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2025-69374 | WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability | SolverWp | Eleblog – Elementor Blog And Magazine Addons | High | 8.1 | 2026-02-20 15:46:52 | Deep Dive |
| CVE-2025-68841 | WordPress TopperPack – Complete Elementor Addons, theme & CPT Builder plugin <= 1.2.1 - Local File Inclusion vulnerability | Themepul | TopperPack – Complete Elementor Addons, Theme & CPT Builder | High | 7.5 | 2026-02-20 15:46:42 | Deep Dive |
| CVE-2025-68531 | WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability | modeltheme | ModelTheme Addons for WPBakery and Elementor | High | 8.8 | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2025-67998 | WordPress Miraculous Elementor plugin <= 2.0.7 - Broken Authentication vulnerability | kamleshyadav | Miraculous Elementor | High | 8.8 | 2026-02-20 15:46:34 | Deep Dive |
| CVE-2024-52387 | WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability | Liton Arefin | Master Addons for Elementor | Medium | 5.9 | 2026-02-20 15:46:26 | Deep Dive |
| CVE-2024-50555 | WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability | Elementor | Elementor Website Builder | Medium | 6.5 | 2026-02-20 15:46:25 | Deep Dive |
| CVE-2026-2486 | Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2026-02-20 11:26:37 | Deep Dive |
| CVE-2026-25416 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability | blazethemes | News Kit Elementor Addons | Medium | 4.3 | 2026-02-19 08:27:06 | Deep Dive |
| CVE-2026-25386 | WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability | Elementor | Ally | Medium | 5.3 | 2026-02-19 08:27:02 | Deep Dive |
| CVE-2026-25387 | WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability | Elementor | Image Optimizer by Elementor | Medium | 4.3 | 2026-02-19 08:27:02 | Deep Dive |
| CVE-2026-25319 | WordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerability | wpzita | Zita Elementor Site Library | Medium | 4.3 | 2026-02-19 08:26:55 | Deep Dive |
| CVE-2026-25320 | WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability | Cool Plugins | Elementor Contact Form DB | Medium | 5.3 | 2026-02-19 08:26:55 | Deep Dive |
| CVE-2026-23543 | WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability | WPDeveloper | Essential Addons for Elementor | Medium | 5.3 | 2026-02-19 08:26:49 | Deep Dive |
| CVE-2026-2284 | News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss | webangon | News Element Elementor Blog Magazine | Medium | 5.4 | 2026-02-19 04:36:26 | Deep Dive |
| CVE-2026-2386 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 4.3 | 2026-02-18 12:28:35 | Deep Dive |
| CVE-2026-1793 | Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2026-02-15 03:24:34 | Deep Dive |
| CVE-2026-1512 | Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2026-02-14 09:49:39 | Deep Dive |
| CVE-2026-2295 | WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more | wpzoom | WPZOOM Addons for Elementor – Starter Templates & Widgets | Medium | 5.3 | 2026-02-11 09:27:15 | Deep Dive |