| CVE-2026-25028 | WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability | Element Invader | ElementInvader Addons for Elementor | Medium | 5.4 | 2026-02-03 14:08:42 | Deep Dive |
| CVE-2026-24958 | WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability | Crocoblock | JetElements For Elementor | Medium | 6.5 | 2026-02-03 14:08:35 | Deep Dive |
| CVE-2026-24947 | WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | Medium | 4.3 | 2026-02-03 14:08:34 | Deep Dive |
| CVE-2026-1210 | Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2026-02-03 06:38:05 | Deep Dive |
| CVE-2025-14274 | Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget | unitecms | Unlimited Elements For Elementor | Medium | 5.4 | 2026-02-03 05:30:14 | Deep Dive |
| CVE-2026-1310 | Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion | migaweb | Simple calendar for Elementor | Medium | 5.3 | 2026-01-28 06:43:45 | Deep Dive |
| CVE-2025-9082 | WPBITS Addons For Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpbits | WPBITS Addons For Elementor Page Builder | Medium | 6.4 | 2026-01-28 06:43:44 | Deep Dive |
| CVE-2026-0825 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export | crmperks | Database for Contact Form 7, WPforms, Elementor forms | Medium | 5.3 | 2026-01-28 06:43:43 | Deep Dive |
| CVE-2025-14610 | TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter | bloompixel | TableMaster for Elementor – Advanced Responsive Tables for Elementor | High | 7.2 | 2026-01-28 05:30:20 | Deep Dive |
| CVE-2026-0633 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Low | 3.7 | 2026-01-24 08:26:36 | Deep Dive |
| CVE-2026-24605 | WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability | pencilwp | X Addons for Elementor | Medium | 4.3 | 2026-01-23 14:29:04 | Deep Dive |
| CVE-2026-24390 | WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability | QantumThemes | Kentha Elementor Widgets | High | 7.5 | 2026-01-22 16:52:48 | Deep Dive |
| CVE-2026-24386 | WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability | Element Invader | Element Invader – Template Kits for Elementor | Medium | 4.3 | 2026-01-22 16:52:47 | Deep Dive |
| CVE-2026-22468 | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Broken Access Control vulnerability | AbsolutePlugins | Absolute Addons For Elementor | Medium | 4.3 | 2026-01-22 16:52:41 | Deep Dive |
| CVE-2025-69300 | WordPress Premium Addons for Elementor plugin <= 4.11.63 - Settings Change vulnerability | Leap13 | Premium Addons for Elementor | Medium | 5.4 | 2026-01-22 16:52:32 | Deep Dive |
| CVE-2025-69312 | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability | Xpro | Xpro Elementor Addons | Critical | 9.1 | 2026-01-22 16:52:32 | Deep Dive |
| CVE-2025-68999 | WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability | HappyMonster | Happy Addons for Elementor | High | 8.5 | 2026-01-22 16:52:16 | Deep Dive |
| CVE-2025-68046 | WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability | ThemeHunk | Contact Form & Lead Form Elementor Builder | Medium | 6.5 | 2026-01-22 16:52:06 | Deep Dive |
| CVE-2025-67947 | WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability | scriptsbundle | AdForest Elementor | High | 7.1 | 2026-01-22 16:51:55 | Deep Dive |
| CVE-2025-66142 | WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability | merkulove | Comparimager for Elementor | Medium | 5.4 | 2026-01-22 16:51:51 | Deep Dive |