| CVE-2024-2926 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-07-04 03:32:24 | Deep Dive |
| CVE-2024-2385 | Elementor Addons by Livemesh <= 8.4 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets | livemesh | Livemesh Addons by Elementor | High | 8.8 | 2024-07-04 03:32:23 | Deep Dive |
| CVE-2024-3638 | Elementor Addons by Livemesh <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider Widgets | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-07-04 03:32:23 | Deep Dive |
| CVE-2024-6340 | Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-07-03 07:32:38 | Deep Dive |
| CVE-2024-4482 | The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-07-03 07:32:37 | Deep Dive |
| CVE-2024-5260 | Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2024-07-02 08:32:52 | Deep Dive |
| CVE-2024-37479 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | High | 8.5 | 2024-07-02 07:40:09 | Deep Dive |
| CVE-2024-5504 | Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget | apollo13themes | Rife Extensions & Templates for Elementor | Medium | 6.4 | 2024-07-02 07:37:03 | Deep Dive |
| CVE-2024-1427 | The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 6.4 | 2024-07-02 05:32:56 | Deep Dive |
| CVE-2024-5349 | LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion | choijun | LA-Studio Element Kit for Elementor | High | 8.8 | 2024-07-02 04:31:35 | Deep Dive |
| CVE-2024-5419 | Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute | voidthemes | Void Contact Form 7 Widget For Elementor Page Builder | Medium | 6.4 | 2024-07-02 03:14:52 | Deep Dive |
| CVE-2024-5790 | Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-06-29 07:05:39 | Deep Dive |
| CVE-2024-5666 | Extensions for Elementor <= 2.0.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter | petesheppard84 | Extensions for Elementor | Medium | 6.4 | 2024-06-29 07:05:38 | Deep Dive |
| CVE-2024-5662 | Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget | bdthemes | Ultimate Post Kit Addons for Elementor | Medium | 6.4 | 2024-06-28 08:33:29 | Deep Dive |
| CVE-2024-4983 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0- Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-06-27 08:34:21 | Deep Dive |
| CVE-2024-6283 | DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget | detheme | DethemeKit for Elementor | Medium | 5.4 | 2024-06-27 04:38:48 | Deep Dive |
| CVE-2024-4570 | Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 6.4 | 2024-06-27 04:04:33 | Deep Dive |
| CVE-2024-4569 | Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 6.4 | 2024-06-27 04:04:32 | Deep Dive |
| CVE-2024-5215 | HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-06-26 06:56:04 | Deep Dive |
| CVE-2024-5332 | Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget | timstrifler | Exclusive Addons for Elementor | Medium | 6.4 | 2024-06-26 05:40:24 | Deep Dive |