| CVE-2023-50901 | WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS) | HasThemes | HT Mega – Absolute Addons For Elementor | High | 7.1 | 2023-12-29 11:06:05 | Deep Dive |
| CVE-2023-31095 | WordPress Integration for Contact Form 7 HubSpot Plugin <= 1.2.8 is vulnerable to Open Redirection | CRM Perks | Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-29 09:50:01 | Deep Dive |
| CVE-2023-31231 | WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Critical | 9.9 | 2023-12-20 18:56:58 | Deep Dive |
| CVE-2023-37982 | WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-19 20:07:31 | Deep Dive |
| CVE-2023-37390 | WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection | Themesflat | Themesflat Addons For Elementor | High | 8.3 | 2023-12-19 15:47:16 | Deep Dive |
| CVE-2023-48762 | WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF) | Crocoblock | JetElements For Elementor | Medium | 6.3 | 2023-12-18 16:16:41 | Deep Dive |
| CVE-2023-48756 | WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS) | Crocoblock | JetBlocks For Elementor | High | 7.1 | 2023-12-14 16:40:36 | Deep Dive |
| CVE-2023-49739 | WordPress PowerPack Pro for Elementor plugin <= 2.9.23 - Reflected Cross Site Scripting (XSS) vulnerability | IdeaBox Creations | PowerPack Pro for Elementor | High | 7.1 | 2023-12-14 14:43:10 | Deep Dive |
| CVE-2023-47779 | WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection | CRM Perks | Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 4.7 | 2023-12-07 12:11:33 | Deep Dive |
| CVE-2023-41804 | WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF) | Brainstorm Force | Starter Templates — Elementor, WordPress & Beaver Builder Templates | High | 7.1 | 2023-12-07 10:58:43 | Deep Dive |
| CVE-2023-47827 | WordPress Events Addon for Elementor Plugin <= 2.1.3 is vulnerable to Broken Access Control | NicheAddons | Events Addon for Elementor | Medium | 6.5 | 2023-11-30 13:31:35 | Deep Dive |
| CVE-2023-47505 | WordPress Elementor Website Builder Plugin <= 3.16.4 is vulnerable to Cross Site Scripting (XSS) | Elementor.com | Elementor | Medium | 6.5 | 2023-11-30 12:02:10 | Deep Dive |
| CVE-2023-32245 | WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF) | WPDeveloper | Essential Addons for Elementor Pro | Medium | 5.4 | 2023-11-18 22:32:56 | Deep Dive |
| CVE-2023-4690 | Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 5.4 | 2023-11-15 22:32:30 | Deep Dive |
| CVE-2023-5381 | Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 4.4 | 2023-11-15 22:32:30 | Deep Dive |
| CVE-2023-4689 | Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 5.4 | 2023-11-15 22:32:29 | Deep Dive |
| CVE-2023-4723 | Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure | wpvibes | Addon Elements for Elementor (formerly Elementor Addon Elements) | Medium | 5.3 | 2023-11-15 22:32:29 | Deep Dive |
| CVE-2023-47680 | WordPress Qi Addons For Elementor Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS) | Qode Interactive | Qi Addons For Elementor | Medium | 6.5 | 2023-11-13 23:13:55 | Deep Dive |
| CVE-2023-31212 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection | CRM Perks | Database for Contact Form 7, WPforms, Elementor forms | 超危 | - | 2023-10-31 14:04:44 | Deep Dive |
| CVE-2023-5360 | Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload | Unknown | Royal Elementor Addons and Templates | 超危 | - | 2023-10-31 13:54:42 | Deep Dive |