| CVE-2024-2117 | Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-04-09 18:59:21 | Deep Dive |
| CVE-2024-2789 | Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-04-09 18:59:18 | Deep Dive |
| CVE-2024-2623 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-04-09 18:59:17 | Deep Dive |
| CVE-2024-1387 | Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure | thehappymonster | Happy Addons for Elementor | Medium | 4.3 | 2024-04-09 18:59:15 | Deep Dive |
| CVE-2024-2348 | Gum Elementor Addon <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget | celomitan | Gum Addon for Elementor | Medium | 6.4 | 2024-04-09 18:59:14 | Deep Dive |
| CVE-2024-2507 | JetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL | jetmonsters | JetWidgets For Elementor | Medium | 6.4 | 2024-04-09 18:59:10 | Deep Dive |
| CVE-2024-1465 | Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-09 18:59:07 | Deep Dive |
| CVE-2024-1464 | Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-09 18:59:01 | Deep Dive |
| CVE-2024-2974 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.3 | 2024-04-09 18:59:01 | Deep Dive |
| CVE-2024-3244 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-04-09 18:59:00 | Deep Dive |
| CVE-2024-2788 | Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2024-04-09 18:58:57 | Deep Dive |
| CVE-2024-2650 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-04-09 18:58:56 | Deep Dive |
| CVE-2024-1466 | Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-04-09 18:58:51 | Deep Dive |
| CVE-2024-2786 | Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag | thehappymonster | Happy Addons for Elementor | Medium | 5.4 | 2024-04-09 18:58:47 | Deep Dive |
| CVE-2024-0826 | Qi Addons For Elementor <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | qodeinteractive | Qi Addons For Elementor | Medium | 6.4 | 2024-04-09 18:58:45 | Deep Dive |
| CVE-2024-1960 | ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:58:43 | Deep Dive |
| CVE-2024-2845 | BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.4 | 2024-04-09 18:58:41 | Deep Dive |
| CVE-2024-3064 | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | staxwp | Stax Addons for Elementor | Medium | 6.4 | 2024-04-09 18:58:35 | Deep Dive |
| CVE-2024-1974 | HT Mega – Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal | devitemsllc | HT Mega Addons for Elementor – Elementor Widgets & Template Builder | High | 8.8 | 2024-04-09 18:58:34 | Deep Dive |
| CVE-2024-2492 | PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget | ideaboxcreations | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Medium | 6.4 | 2024-04-09 18:58:34 | Deep Dive |