| CVE-2024-37520 | WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability | RadiusTheme | ShopBuilder – Elementor WooCommerce Builder Addons | Medium | 6.5 | 2024-07-09 12:20:03 | Deep Dive |
| CVE-2024-4862 | WPBITS Addons For Elementor Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | wpbits | WPBITS Addons For Elementor Page Builder | Medium | 6.4 | 2024-07-09 11:02:41 | Deep Dive |
| CVE-2024-37462 | WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.2 - Local File Inclusion vulnerability | G5Theme | Ultimate Bootstrap Elements for Elementor | High | 8.5 | 2024-07-09 10:50:21 | Deep Dive |
| CVE-2024-37455 | WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability | Brainstorm Force | Ultimate Addons for Elementor | High | 8.8 | 2024-07-09 10:48:21 | Deep Dive |
| CVE-2024-37437 | WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability | Elementor | Elementor Website Builder | Medium | 5.5 | 2024-07-09 10:38:55 | Deep Dive |
| CVE-2024-37420 | WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability | WPZita | Zita Elementor Site Library | Critical | 9.9 | 2024-07-09 10:18:45 | Deep Dive |
| CVE-2024-37419 | WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Local File Inclusion vulnerability | Codeless | Cowidgets – Elementor Addons | High | 7.5 | 2024-07-09 10:17:04 | Deep Dive |
| CVE-2024-37090 | SQL Injection vulnerability in multiple StylemixThemes premium themes | StylemixThemes | Masterstudy Elementor Widgets | High | 8.5 | 2024-07-09 09:14:28 | Deep Dive |
| CVE-2024-4868 | Extensions for Elementor <= 2.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via EE Events and EE Flipbox Widget | petesheppard84 | Extensions for Elementor | Medium | 6.4 | 2024-07-09 08:33:05 | Deep Dive |
| CVE-2024-4667 | Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget | plugindevs | Blog, Posts and Category Filter for Elementor | Medium | 6.4 | 2024-07-09 04:32:56 | Deep Dive |
| CVE-2024-6169 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-07-09 04:32:56 | Deep Dive |
| CVE-2024-6170 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-07-09 04:32:56 | Deep Dive |
| CVE-2024-6166 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2024-07-09 04:32:54 | Deep Dive |
| CVE-2024-6171 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass | unitecms | Unlimited Elements For Elementor | Medium | 5.3 | 2024-07-09 04:32:53 | Deep Dive |
| CVE-2024-37554 | WordPress UltraAddons plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | Saiful Islam | UltraAddons Elementor Lite | Medium | 6.5 | 2024-07-06 16:12:56 | Deep Dive |
| CVE-2024-37547 | WordPress Elementor Addons by Livemesh plugin <= 8.4.0 - Local File Inclusion vulnerability | Livemesh | Livemesh Addons for Elementor | Medium | 6.5 | 2024-07-06 14:39:52 | Deep Dive |
| CVE-2024-37541 | WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | StaxWP | Elementor Addons, Widgets and Enhancements – Stax | Medium | 6.5 | 2024-07-06 12:33:06 | Deep Dive |
| CVE-2024-6434 | Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Low | 3.1 | 2024-07-04 08:32:22 | Deep Dive |
| CVE-2024-3639 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-07-04 03:32:25 | Deep Dive |
| CVE-2024-2926 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-07-04 03:32:24 | Deep Dive |