| CVE-2023-40679 | WordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerability | Jewel Theme | Master Addons for Elementor | Medium | 6.5 | 2025-12-24 12:51:56 | Deep Dive |
| CVE-2025-68532 | WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - Cross Site Scripting (XSS) vulnerability | modeltheme | ModelTheme Addons for WPBakery and Elementor | Medium | 6.5 | 2025-12-24 12:31:26 | Deep Dive |
| CVE-2025-68500 | WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability | bdthemes | Prime Slider – Addons For Elementor | Medium | 4.9 | 2025-12-24 12:31:20 | Deep Dive |
| CVE-2025-68494 | WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability | Leap13 | Premium Addons for Elementor | Medium | 5.3 | 2025-12-24 12:31:19 | Deep Dive |
| CVE-2024-24844 | WordPress PowerPack Pro for Elementor plugin <= 2.10.6 - Unauthenticated Plugin Settings Reset vulnerability | IdeaBox Creations | PowerPack Pro for Elementor | High | 7.5 | 2025-12-23 12:06:05 | Deep Dive |
| CVE-2025-68559 | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability | CodexThemes | TheGem Theme Elements (for Elementor) | Medium | 6.5 | 2025-12-23 11:37:35 | Deep Dive |
| CVE-2025-68560 | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Local File Inclusion vulnerability | CodexThemes | TheGem Theme Elements (for Elementor) | High | 7.5 | 2025-12-23 11:36:26 | Deep Dive |
| CVE-2025-14635 | Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | thehappymonster | Happy Addons for Elementor | Medium | 6.4 | 2025-12-23 11:13:49 | Deep Dive |
| CVE-2025-14163 | Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template' | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 4.3 | 2025-12-23 09:20:01 | Deep Dive |
| CVE-2025-14155 | Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 5.3 | 2025-12-23 09:20:00 | Deep Dive |
| CVE-2025-62094 | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerability | voidthemes | Void Elementor WHMCS Elements For Elementor Page Builder | Medium | 6.5 | 2025-12-22 09:47:18 | Deep Dive |
| CVE-2025-64355 | WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability | Crocoblock | JetElements For Elementor | Medium | 6.5 | 2025-12-18 16:16:34 | Deep Dive |
| CVE-2025-14277 | Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery | bdthemes | Prime Slider – Addons for Elementor | Medium | 4.3 | 2025-12-18 12:22:26 | Deep Dive |
| CVE-2025-66116 | WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability | UserElements | Ultimate Member Widgets for Elementor | High | 7.5 | 2025-12-18 07:22:19 | Deep Dive |
| CVE-2025-60084 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability | add-ons.org | PDF for Elementor Forms + Drag And Drop Template Builder | High | 8.8 | 2025-12-18 07:22:08 | Deep Dive |
| CVE-2025-13977 | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2025-12-17 03:20:20 | Deep Dive |
| CVE-2025-11220 | Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-12-16 11:15:44 | Deep Dive |
| CVE-2025-68088 | WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability | merkulove | Huger for Elementor | Medium | 5.4 | 2025-12-16 08:13:06 | Deep Dive |
| CVE-2025-68085 | WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability | merkulove | Buttoner for Elementor | Medium | 5.4 | 2025-12-16 08:13:06 | Deep Dive |
| CVE-2025-68087 | WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability | merkulove | Modalier for Elementor | Medium | 5.4 | 2025-12-16 08:13:06 | Deep Dive |