| CVE-2024-1166 | Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget | blocksera | Image Hover Effects – Elementor Addon | Medium | 6.4 | 2024-05-09 20:03:25 | Deep Dive |
| CVE-2024-4316 | EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-05-09 20:03:23 | Deep Dive |
| CVE-2023-6327 | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 5.3 | 2024-05-09 20:03:22 | Deep Dive |
| CVE-2024-3680 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag | themelooks | Enter Addons – Ultimate Template Builder for Elementor | Medium | 6.4 | 2024-05-09 20:03:22 | Deep Dive |
| CVE-2024-4107 | Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | https://elementor.com/ | Elementor Website Builder Pro | Medium | 6.4 | 2024-05-09 20:03:19 | Deep Dive |
| CVE-2024-3989 | HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-05-09 20:03:18 | Deep Dive |
| CVE-2024-4606 | WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability | BdThemes | Ultimate Store Kit Elementor Addons | Medium | 5.4 | 2024-05-09 11:59:19 | Deep Dive |
| CVE-2024-34415 | WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | ThimPress | Thim Elementor Kit | Medium | 6.5 | 2024-05-09 11:34:52 | Deep Dive |
| CVE-2024-34432 | WordPress Better Elementor Addons plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability | BetterAddons | Better Elementor Addons | Medium | 6.5 | 2024-05-09 11:06:53 | Deep Dive |
| CVE-2024-34436 | WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | SKT Themes | SKT Addons for Elementor | Medium | 6.5 | 2024-05-09 11:05:34 | Deep Dive |
| CVE-2024-34445 | WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | SKT Themes | SKT Addons for Elementor | Medium | 6.5 | 2024-05-09 11:00:34 | Deep Dive |
| CVE-2024-24833 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability | HappyMonster | Happy Addons for Elementor | Medium | 4.3 | 2024-05-08 13:28:22 | Deep Dive |
| CVE-2024-34547 | WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability | Noor alam | Magical Addons For Elementor | Medium | 6.5 | 2024-05-08 11:31:10 | Deep Dive |
| CVE-2024-34562 | WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | Moveaddons | Move Addons for Elementor | Medium | 6.5 | 2024-05-08 11:08:15 | Deep Dive |
| CVE-2024-34563 | WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | GoldAddons | Gold Addons for Elementor | Medium | 6.5 | 2024-05-08 11:06:30 | Deep Dive |
| CVE-2024-34570 | WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 5.9 | 2024-05-08 10:37:23 | Deep Dive |
| CVE-2024-34572 | WordPress Fancy Elementor Flipbox plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability | ThemePrix | Fancy Elementor Flipbox | Medium | 6.5 | 2024-05-08 09:12:07 | Deep Dive |
| CVE-2024-4345 | Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload | wshberlin | Startklar Elementor Addons | Critical | 9.8 | 2024-05-07 08:31:05 | Deep Dive |
| CVE-2024-4346 | Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion | wshberlin | Startklar Elementor Addons | Critical | 9.1 | 2024-05-07 08:31:05 | Deep Dive |
| CVE-2024-34373 | WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability | POSIMYTH | The Plus Addons for Elementor Page Builder Lite | Medium | 6.5 | 2024-05-06 18:31:20 | Deep Dive |