| CVE-2024-3190 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field | unitecms | Unlimited Elements For Elementor | Medium | 5.4 | 2024-05-30 03:34:28 | Deep Dive |
| CVE-2024-5086 | Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget | Essential Addons | Essential Addons for Elementor Pro | Medium | 6.4 | 2024-05-29 07:33:53 | Deep Dive |
| CVE-2023-6743 | Unlimited Elements for Elementor <= 1.5.89 - Authenticated (Contributor+) Remote Code Execution via template import | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2024-05-29 04:30:14 | Deep Dive |
| CVE-2024-4858 | Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update | uapp | Testimonial Carousel For Elementor | Medium | 5.3 | 2024-05-25 02:50:07 | Deep Dive |
| CVE-2024-5229 | Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget | nicheaddons | Primary Addon for Elementor | Medium | 6.4 | 2024-05-25 02:34:22 | Deep Dive |
| CVE-2024-4484 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 06:42:18 | Deep Dive |
| CVE-2024-5060 | LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | kapasias | LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor | Medium | 6.4 | 2024-05-24 06:42:17 | Deep Dive |
| CVE-2024-4485 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 06:42:16 | Deep Dive |
| CVE-2024-3718 | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 05:30:53 | Deep Dive |
| CVE-2024-2784 | The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hover Card | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-24 04:29:59 | Deep Dive |
| CVE-2024-2618 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | Ultimate Addons for Elementor | Medium | 6.4 | 2024-05-24 04:29:58 | Deep Dive |
| CVE-2024-4471 | 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection | xpro | Xpro Addons — 140+ Widgets for Elementor | High | 8.0 | 2024-05-23 12:43:38 | Deep Dive |
| CVE-2024-1803 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 4.3 | 2024-05-23 12:43:29 | Deep Dive |
| CVE-2024-4378 | Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-05-23 11:02:39 | Deep Dive |
| CVE-2024-3997 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-05-23 11:02:38 | Deep Dive |
| CVE-2024-4779 | Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2023-6325 | RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate | rometheme | RTMForm Builder | Medium | 5.3 | 2024-05-23 04:30:54 | Deep Dive |
| CVE-2024-4431 | LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2024-05-23 03:31:17 | Deep Dive |
| CVE-2024-4486 | Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget | rafiul17 | Awesome Contact Form7 for Elementor | Medium | 6.4 | 2024-05-23 01:56:18 | Deep Dive |
| CVE-2024-3926 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-05-22 14:32:39 | Deep Dive |