| CVE-2024-32508 | WordPress DethemeKit For Elementor plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | deTheme | DethemeKit For Elementor | Medium | 6.5 | 2024-04-17 09:53:06 | Deep Dive |
| CVE-2024-32515 | WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability | Qamar Sheeraz, Nasir Ahmad | Mega Addons For Elementor | Medium | 5.4 | 2024-04-17 07:41:51 | Deep Dive |
| CVE-2024-32557 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Cross Site Scripting (XSS) vulnerability | Exclusive Addons | Exclusive Addons Elementor | Medium | 6.5 | 2024-04-16 06:39:27 | Deep Dive |
| CVE-2024-31289 | WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability | Elementor | Hello Elementor | Medium | 4.3 | 2024-04-12 12:36:40 | Deep Dive |
| CVE-2024-2137 | All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets | shamsbd71 | All-in-One Addons for Elementor – WidgetKit | Medium | 6.4 | 2024-04-12 02:33:16 | Deep Dive |
| CVE-2024-2966 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.3 | 2024-04-11 07:31:36 | Deep Dive |
| CVE-2024-31278 | WordPress Premium Addons for Elementor plugin <= 4.10.22 - Sensitive Data Exposure vulnerability | Leap13 | Premium Addons for Elementor | Medium | 4.3 | 2024-04-10 15:36:28 | Deep Dive |
| CVE-2024-2655 | Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-10 05:32:23 | Deep Dive |
| CVE-2024-2539 | Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-10 05:32:22 | Deep Dive |
| CVE-2024-2666 | Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 5.4 | 2024-04-10 03:31:20 | Deep Dive |
| CVE-2024-2664 | Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-04-10 03:09:46 | Deep Dive |
| CVE-2024-2665 | Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-04-10 03:09:46 | Deep Dive |
| CVE-2024-2138 | JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget | jetmonsters | JetWidgets For Elementor | Medium | 6.4 | 2024-04-09 18:59:35 | Deep Dive |
| CVE-2024-1498 | Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-04-09 18:59:33 | Deep Dive |
| CVE-2024-2787 | Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-04-09 18:59:31 | Deep Dive |
| CVE-2024-1458 | Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-09 18:59:29 | Deep Dive |
| CVE-2024-2792 | Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 6.4 | 2024-04-09 18:59:28 | Deep Dive |
| CVE-2024-1461 | Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-09 18:59:27 | Deep Dive |
| CVE-2024-2946 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:59:26 | Deep Dive |
| CVE-2024-2327 | Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link | tausworks | Global Elementor Buttons | Medium | 6.4 | 2024-04-09 18:59:25 | Deep Dive |