| CVE-2024-34374 | WordPress ElementsReady Addons for Elementor plugin <= 5.8.0 - Cross Site Scripting (XSS) vulnerability | QuomodoSoft | ElementsReady Addons for Elementor | Medium | 6.5 | 2024-05-06 18:29:41 | Deep Dive |
| CVE-2024-33914 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability | Exclusive Addons | Exclusive Addons Elementor | Medium | 4.3 | 2024-05-03 08:36:06 | Deep Dive |
| CVE-2024-33919 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability | Rometheme | RomethemeKit For Elementor | Medium | 6.5 | 2024-05-03 08:31:49 | Deep Dive |
| CVE-2024-33945 | WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | solverwp.com | Eleblog – Elementor Blog And Magazine Addons | Medium | 6.5 | 2024-05-03 06:57:12 | Deep Dive |
| CVE-2024-3936 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization | techlabpro1 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | Medium | 4.3 | 2024-05-02 16:52:52 | Deep Dive |
| CVE-2024-3743 | Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 6.4 | 2024-05-02 16:52:51 | Deep Dive |
| CVE-2024-2751 | Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox | timstrifler | Exclusive Addons for Elementor | Medium | 6.4 | 2024-05-02 16:52:50 | Deep Dive |
| CVE-2024-2082 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting | cscode | EleForms – All In One Form Integration including DB for Elementor | High | 7.2 | 2024-05-02 16:52:41 | Deep Dive |
| CVE-2024-2349 | Fancy Elementor Flipbox <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Elementor Flipbox Widget | hosseinhashemi | Fancy Elementor Flipbox | Medium | 6.4 | 2024-05-02 16:52:38 | Deep Dive |
| CVE-2024-3307 | HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-05-02 16:52:37 | Deep Dive |
| CVE-2024-3197 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-02 16:52:32 | Deep Dive |
| CVE-2024-3715 | Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting | crmperks | Database for Contact Form 7, WPforms, Elementor forms | High | 7.2 | 2024-05-02 16:52:31 | Deep Dive |
| CVE-2024-3891 | Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-05-02 16:52:31 | Deep Dive |
| CVE-2024-3199 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-4265 | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.5.9 - Contributor+ Stored Cross-Site Scripting | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2024-05-02 16:52:29 | Deep Dive |
| CVE-2024-3650 | WordPress plugin ElementsKit Elementor addons 安全漏洞 | xpeedstudio | ElementsKit Elementor addons and Templates Library | Medium | 6.4 | 2024-05-02 16:52:26 | Deep Dive |
| CVE-2024-2084 | HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | Medium | 6.4 | 2024-05-02 16:52:24 | Deep Dive |
| CVE-2023-7067 | ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 4.3 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-3724 | Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-05-02 16:52:18 | Deep Dive |
| CVE-2024-1567 | Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | High | 8.2 | 2024-05-02 16:52:15 | Deep Dive |