| CVE-2024-0835 | Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update | wproyal | Royal Elementor Kit | Medium | 4.3 | 2024-02-05 21:21:45 | Deep Dive |
| CVE-2024-0585 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.4 | 2024-02-05 21:21:41 | Deep Dive |
| CVE-2024-0823 | Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | timstrifler | Exclusive Addons for Elementor | Medium | 5.4 | 2024-02-05 21:21:39 | Deep Dive |
| CVE-2024-0448 | Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2024-02-05 21:21:31 | Deep Dive |
| CVE-2024-24846 | WordPress Mighty Addons for Elementor Plugin <= 1.9.3 is vulnerable to Cross Site Scripting (XSS) | MightyThemes | Mighty Addons for Elementor | High | 7.1 | 2024-02-05 06:20:06 | Deep Dive |
| CVE-2024-22136 | WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | DroitThemes | Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder | Medium | 4.3 | 2024-01-31 13:53:10 | Deep Dive |
| CVE-2024-1069 | Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload | crmperks | Database for Contact Form 7, WPforms, Elementor forms | High | 7.2 | 2024-01-31 02:35:10 | Deep Dive |
| CVE-2024-0824 | Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything | timstrifler | Exclusive Addons for Elementor | Medium | 6.4 | 2024-01-27 04:31:30 | Deep Dive |
| CVE-2023-5922 | Royal Elementor Addons and Templates < 1.3.81 - Unauthenticated Arbitrary Post Read | Unknown | Royal Elementor Addons and Templates | 高危 | - | 2024-01-16 15:57:21 | Deep Dive |
| CVE-2022-23179 | Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting | Unknown | Contact Form & Lead Form Elementor Builder | 中危 | - | 2024-01-16 15:52:09 | Deep Dive |
| CVE-2022-23180 | Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update | Unknown | Contact Form & Lead Form Elementor Builder | 中危 | - | 2024-01-16 15:52:09 | Deep Dive |
| CVE-2023-6843 | easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update | Unknown | easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg | 中危 | - | 2024-01-15 15:10:40 | Deep Dive |
| CVE-2023-6582 | ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 5.3 | 2024-01-11 08:33:12 | Deep Dive |
| CVE-2023-6632 | Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting | weDevs | Happy Addons for Elementor Pro | Medium | 6.1 | 2024-01-11 08:32:27 | Deep Dive |
| CVE-2023-6788 | Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2024-01-09 03:31:31 | Deep Dive |
| CVE-2023-52150 | WordPress Dynamic Content for Elementor Plugin < 2.12.5 is vulnerable to Cross Site Request Forgery (CSRF) | Ovation S.r.l. | Dynamic Content for Elementor | High | 8.8 | 2024-01-05 08:07:23 | Deep Dive |
| CVE-2023-7044 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-01-04 09:31:04 | Deep Dive |
| CVE-2023-6984 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery | ideaboxcreations | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | Medium | 5.3 | 2024-01-03 08:29:49 | Deep Dive |
| CVE-2023-6986 | EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-01-03 06:41:25 | Deep Dive |
| CVE-2023-39157 | WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE) | Crocoblock | JetElements For Elementor | Critical | 9.0 | 2023-12-31 10:04:01 | Deep Dive |