| CVE-2024-7092 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-08-13 04:29:11 | Deep Dive |
| CVE-2024-43123 | WordPress Card Elements for Elementor plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | Techeshta | Card Elements for Elementor | Medium | 6.5 | 2024-08-12 22:39:20 | Deep Dive |
| CVE-2024-43150 | WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 6.5 | 2024-08-12 22:12:09 | Deep Dive |
| CVE-2024-43210 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | Medium | 6.5 | 2024-08-12 21:46:25 | Deep Dive |
| CVE-2024-4359 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2024-08-09 04:29:50 | Deep Dive |
| CVE-2024-4360 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-08-09 04:29:49 | Deep Dive |
| CVE-2024-6824 | Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 4.3 | 2024-08-08 05:31:47 | Deep Dive |
| CVE-2024-4643 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-08-02 09:29:44 | Deep Dive |
| CVE-2024-39644 | WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | Modernaweb Studio | Black Widgets For Elementor | Medium | 6.5 | 2024-08-01 22:17:12 | Deep Dive |
| CVE-2024-39649 | WordPress Essential Addons for Elementor plugin <= 5.9.26 - Cross Site Scripting (XSS) vulnerability | WPDeveloper | Essential Addons for Elementor | Medium | 6.5 | 2024-08-01 21:54:56 | Deep Dive |
| CVE-2024-39662 | WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability | Modernaweb Studio | Black Widgets For Elementor | Medium | 6.5 | 2024-08-01 21:38:40 | Deep Dive |
| CVE-2024-39667 | WordPress Element Pack Elementor Addons plugin <= 5.6.11 - Cross Site Scripting (XSS) vulnerability | BdThemes | Element Pack Elementor Addons | Medium | 6.5 | 2024-08-01 21:33:26 | Deep Dive |
| CVE-2024-39668 | WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability | petesheppard84 | Extensions for Elementor | Medium | 6.5 | 2024-08-01 21:31:07 | Deep Dive |
| CVE-2024-38768 | WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability | Webangon | The Pack Elementor addons | Medium | 4.3 | 2024-08-01 20:58:29 | Deep Dive |
| CVE-2024-38772 | WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability | Crocoblock | JetWidgets for Elementor and WooCommerce | Medium | 6.5 | 2024-08-01 20:49:55 | Deep Dive |
| CVE-2024-39634 | WordPress PowerPack Pro for Elementor plugin <= 2.10.14 - Contributor+ Privilege Escalation vulnerability | IdeaBox | PowerPack Pro for Elementor | High | 8.8 | 2024-08-01 20:32:49 | Deep Dive |
| CVE-2024-2455 | Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL | BDThemes | Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin | Medium | 6.4 | 2024-08-01 12:43:27 | Deep Dive |
| CVE-2024-6627 | Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-07-27 11:13:38 | Deep Dive |
| CVE-2024-5614 | Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure | piotnetdotcom | Piotnet Addons For Elementor | Medium | 5.3 | 2024-07-27 11:13:36 | Deep Dive |
| CVE-2024-5818 | Royal Elementor Addons and Templates <= 1.3.980 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2024-07-24 12:43:45 | Deep Dive |