| CVE-2024-4440 | 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2024-05-14 09:33:32 | Deep Dive |
| CVE-2024-35167 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability | EnvoThemes | Envo's Elementor Templates & Widgets for WooCommerce | Medium | 6.5 | 2024-05-13 10:02:54 | Deep Dive |
| CVE-2024-34812 | WordPress ShopBuilder plugin <= 2.1.8 - Sensitive Data Exposure vulnerability | RadiusTheme | ShopBuilder – Elementor WooCommerce Builder Addons | Medium | 5.3 | 2024-05-13 09:21:18 | Deep Dive |
| CVE-2024-4329 | Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | thimpress | Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor | Medium | 6.4 | 2024-05-11 06:43:41 | Deep Dive |
| CVE-2024-4630 | Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | Medium | 6.4 | 2024-05-11 04:30:18 | Deep Dive |
| CVE-2024-4574 | Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | iqonicdesign | Graphina – Charts and Graphs For Elementor | Medium | 6.4 | 2024-05-10 22:33:09 | Deep Dive |
| CVE-2024-3055 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2024-05-10 21:32:43 | Deep Dive |
| CVE-2024-34817 | WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability | CRM Perks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.3 | 2024-05-10 08:35:23 | Deep Dive |
| CVE-2024-3547 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting | unitecms | Unlimited Elements For Elementor | Medium | 6.1 | 2024-05-10 07:33:40 | Deep Dive |
| CVE-2024-4275 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles' | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-10 07:33:39 | Deep Dive |
| CVE-2024-2662 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection | unitecms | Unlimited Elements For Elementor | High | 7.2 | 2024-05-10 07:33:38 | Deep Dive |
| CVE-2024-4449 | Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-10 07:33:38 | Deep Dive |
| CVE-2024-4448 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-10 07:33:37 | Deep Dive |
| CVE-2024-1467 | Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery | brainstormforce | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | Medium | 4.3 | 2024-05-09 20:03:40 | Deep Dive |
| CVE-2024-2785 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-09 20:03:40 | Deep Dive |
| CVE-2024-0445 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-09 20:03:37 | Deep Dive |
| CVE-2024-3990 | HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-05-09 20:03:35 | Deep Dive |
| CVE-2024-2923 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget | nalam-1 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | Medium | 6.4 | 2024-05-09 20:03:32 | Deep Dive |
| CVE-2024-4339 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-05-09 20:03:31 | Deep Dive |
| CVE-2024-3831 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget | themelooks | Enter Addons – Ultimate Template Builder for Elementor | Medium | 6.4 | 2024-05-09 20:03:29 | Deep Dive |