| CVE-2024-5611 | Stratum – Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | jetmonsters | Stratum Widgets for Elementor | Medium | 6.4 | 2024-06-15 09:43:51 | Deep Dive |
| CVE-2024-4479 | Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-06-15 02:02:01 | Deep Dive |
| CVE-2024-4371 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection | codexpert | CoDesigner – All in One Elementor WooCommerce Builder | Critical | 9.0 | 2024-06-13 08:31:33 | Deep Dive |
| CVE-2024-1565 | EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-06-13 08:31:32 | Deep Dive |
| CVE-2024-4615 | Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget | elespare | EleSpare – News, Magazine and Blog Addons for Elementor | Medium | 6.4 | 2024-06-13 07:31:53 | Deep Dive |
| CVE-2024-5787 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget | ideaboxcreations | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Medium | 6.4 | 2024-06-13 05:34:46 | Deep Dive |
| CVE-2024-5757 | Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget | brainstormforce | Ultimate Addons for Elementor | Medium | 6.4 | 2024-06-13 05:34:45 | Deep Dive |
| CVE-2024-2092 | Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 5.4 | 2024-06-12 09:33:13 | Deep Dive |
| CVE-2024-3925 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-06-12 07:32:53 | Deep Dive |
| CVE-2024-4564 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | codexpert | CoDesigner – All in One Elementor WooCommerce Builder | Medium | 6.4 | 2024-06-12 03:33:15 | Deep Dive |
| CVE-2024-5553 | Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 4.4 | 2024-06-12 03:09:57 | Deep Dive |
| CVE-2024-4669 | Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | nicheaddons | Events Addon for Elementor | Medium | 6.4 | 2024-06-11 20:33:01 | Deep Dive |
| CVE-2024-5189 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-06-11 13:54:00 | Deep Dive |
| CVE-2023-33922 | WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability | Elementor | Elementor Website Builder | Medium | 4.3 | 2024-06-11 09:17:29 | Deep Dive |
| CVE-2024-4266 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.3 | 2024-06-11 07:32:26 | Deep Dive |
| CVE-2024-5530 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-06-11 04:32:13 | Deep Dive |
| CVE-2024-35724 | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability | Bosa Themes | Bosa Elementor Addons and Templates for WooCommerce | Medium | 4.3 | 2024-06-10 07:49:28 | Deep Dive |
| CVE-2024-35725 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | Medium | 4.3 | 2024-06-10 07:48:05 | Deep Dive |
| CVE-2024-32727 | WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability | Rometheme | RomethemeForm For Elementor | Medium | 5.3 | 2024-06-09 15:02:07 | Deep Dive |
| CVE-2024-32783 | WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability | wpcreativeidea | Advanced Testimonial Carousel for Elementor | Medium | 4.3 | 2024-06-09 13:03:11 | Deep Dive |