| CVE-2023-0721 | Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | High | 8.3 | 2023-06-09 05:33:34 | Deep Dive |
| CVE-2023-1169 | OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload | sagarpatel124 | OoohBoi Steroids for Elementor | Medium | 4.3 | 2023-06-09 05:33:32 | Deep Dive |
| CVE-2023-1807 | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget | staxwp | Stax Addons for Elementor | Medium | 4.3 | 2023-06-09 05:33:32 | Deep Dive |
| CVE-2023-0708 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:28 | Deep Dive |
| CVE-2023-2189 | Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget | staxwp | Stax Addons for Elementor | Medium | 4.3 | 2023-06-09 05:33:25 | Deep Dive |
| CVE-2023-0691 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.3 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0710 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 4.9 | 2023-06-09 05:33:24 | Deep Dive |
| CVE-2023-0688 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:23 | Deep Dive |
| CVE-2023-1843 | Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:19 | Deep Dive |
| CVE-2023-0709 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:14 | Deep Dive |
| CVE-2023-0693 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:13 | Deep Dive |
| CVE-2023-0694 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 6.5 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2023-0695 | Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Medium | 5.4 | 2023-06-09 05:33:12 | Deep Dive |
| CVE-2022-4950 | Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation | narinder-singh | The Events Calendar Events Notification Bar Addon | High | 8.8 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2023-3124 | Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option | https://elementor.com/ | Elementor Website Builder Pro | High | 8.8 | 2023-06-07 01:51:21 | Deep Dive |
| CVE-2020-36703 | Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2023-06-07 01:51:17 | Deep Dive |
| CVE-2023-0443 | AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure | Unknown | AnyWhere Elementor | 中危 | - | 2023-05-30 07:49:19 | Deep Dive |
| CVE-2023-0329 | Elementor Website Builder < 3.12.2 - Admin+ SQLi | Unknown | Elementor Website Builder | 高危 | - | 2023-05-30 07:49:14 | Deep Dive |
| CVE-2022-45076 | WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | WebMat | Flexible Elementor Panel | Medium | 4.3 | 2023-05-22 09:40:39 | Deep Dive |
| CVE-2023-23683 | WordPress White Label Branding for Elementor Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | Ozan Canakli | White Label Branding for Elementor Page Builder | Medium | 5.9 | 2023-05-15 11:36:46 | Deep Dive |