| CVE-2024-0376 | Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2024-04-09 18:58:33 | Deep Dive |
| CVE-2024-31357 | WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | BdThemes | Ultimate Store Kit Elementor Addons | Medium | 6.5 | 2024-04-08 08:51:56 | Deep Dive |
| CVE-2024-31236 | WordPress Royal Elementor Addons plugin <= 1.3.93 - Cross Site Scripting (XSS) vulnerability | WP Royal | Royal Elementor Addons | Medium | 6.5 | 2024-04-07 17:52:48 | Deep Dive |
| CVE-2024-31346 | WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Blocksmarket | Gradient Text Widget for Elementor | Medium | 6.5 | 2024-04-07 17:37:50 | Deep Dive |
| CVE-2024-2132 | Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget | g5theme | Ultimate Bootstrap Elements for Elementor | Medium | 6.4 | 2024-04-06 08:38:53 | Deep Dive |
| CVE-2024-0837 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-04-06 07:34:56 | Deep Dive |
| CVE-2024-1428 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-04-06 07:34:54 | Deep Dive |
| CVE-2024-3245 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-04-06 02:32:04 | Deep Dive |
| CVE-2024-2803 | ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 6.4 | 2024-04-04 01:56:58 | Deep Dive |
| CVE-2024-2868 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2024-3162 | Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-04-03 02:32:47 | Deep Dive |
| CVE-2024-1327 | Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2024-04-03 02:32:46 | Deep Dive |
| CVE-2024-2924 | Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | echoplugins | Creative Addons for Elementor | Medium | 6.4 | 2024-04-02 05:32:50 | Deep Dive |
| CVE-2024-2791 | Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.4 | 2024-04-02 05:32:49 | Deep Dive |
| CVE-2024-30524 | WordPress PDF Viewer for Elementor plugin <= 2.9.3 - Cross Site Scripting (XSS) vulnerability | RedLettuce Plugins | PDF Viewer for Elementor | Medium | 6.5 | 2024-03-31 20:08:20 | Deep Dive |
| CVE-2024-30533 | WordPress Layouts for Elementor plugin < 1.8 - Arbitrary File Upload vulnerability | Techeshta | Layouts for Elementor | High | 7.5 | 2024-03-31 18:09:12 | Deep Dive |
| CVE-2024-3018 | Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | High | 8.8 | 2024-03-30 11:17:26 | Deep Dive |
| CVE-2024-2491 | PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag* | ideaboxcreations | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Medium | 6.4 | 2024-03-30 09:37:30 | Deep Dive |
| CVE-2024-1238 | ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 6.4 | 2024-03-30 04:31:10 | Deep Dive |
| CVE-2024-0367 | Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-03-30 04:31:08 | Deep Dive |