| CVE-2024-5173 | HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-06-26 02:07:56 | Deep Dive |
| CVE-2024-3249 | Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification | wpzita | Zita Site Library for Elementor | Medium | 4.3 | 2024-06-25 06:57:38 | Deep Dive |
| CVE-2024-6297 | Several WordPress.org Plugins <= Various Versions - Injected Backdoor | warfareplugins | Social Sharing Plugin – Social Warfare | Critical | 10.0 | 2024-06-25 03:30:38 | Deep Dive |
| CVE-2024-37092 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability | StylemixThemes | Consulting Elementor Widgets | High | 8.5 | 2024-06-24 12:23:38 | Deep Dive |
| CVE-2024-37091 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability | StylemixThemes | Consulting Elementor Widgets | Critical | 9.9 | 2024-06-24 12:09:28 | Deep Dive |
| CVE-2024-37089 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability | StylemixThemes | Consulting Elementor Widgets | Critical | 9.0 | 2024-06-24 12:07:07 | Deep Dive |
| CVE-2024-4313 | Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter | fusionplugin | Table Addons for Elementor | Medium | 6.4 | 2024-06-22 02:01:07 | Deep Dive |
| CVE-2024-5455 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion | posimyththemes | The Plus Addons for Elementor Page Builder Pro | High | 8.8 | 2024-06-21 03:24:40 | Deep Dive |
| CVE-2024-5344 | The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget | posimyththemes | The Plus Addons for Elementor Page Builder Pro | Medium | 6.1 | 2024-06-21 02:05:41 | Deep Dive |
| CVE-2024-5036 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2024-06-20 11:06:02 | Deep Dive |
| CVE-2024-5686 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget | wpzoom | WPZOOM Addons for Elementor – Starter Templates & Widgets | Medium | 6.4 | 2024-06-20 03:37:23 | Deep Dive |
| CVE-2024-4626 | JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters | jetmonsters | JetWidgets For Elementor | Medium | 6.4 | 2024-06-20 02:08:21 | Deep Dive |
| CVE-2023-35050 | WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability | Elementor | Elementor Pro | Medium | 6.5 | 2024-06-19 12:28:02 | Deep Dive |
| CVE-2023-39993 | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability | Wpmet | Elements kit Elementor addons | Medium | 4.3 | 2024-06-19 12:07:08 | Deep Dive |
| CVE-2023-48759 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability | Crocoblock | JetElements For Elementor | High | 7.5 | 2024-06-19 10:32:10 | Deep Dive |
| CVE-2023-48760 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability | Crocoblock | JetElements For Elementor | High | 8.2 | 2024-06-19 10:21:33 | Deep Dive |
| CVE-2023-48761 | WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability | Crocoblock | JetElements For Elementor | Medium | 6.3 | 2024-06-19 10:20:17 | Deep Dive |
| CVE-2024-4623 | Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter | auburnforest | Blogmentor – Blog Layouts for Elementor | Medium | 6.4 | 2024-06-19 03:12:33 | Deep Dive |
| CVE-2024-4663 | OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | garbowza | OSM Map Widget for Elementor | Medium | 6.4 | 2024-06-19 03:12:29 | Deep Dive |
| CVE-2024-0845 | PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render | redlettuce | PDF Viewer for Elementor | Medium | 6.4 | 2024-06-18 02:37:12 | Deep Dive |