Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-05-27
CVE-2026-49053 - Elementor Plugin
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6.
PLUGIN
Elementor
CVE-2026-49053
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-49052 - Elementor Plugin
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6.
PLUGIN
Elementor
CVE-2026-49052
Risk Score
Threat Entry
Updated 2026-05-26
CVE-2026-48837 - Elementor Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.
PLUGIN
Elementor
CVE-2026-48837
Risk Score
Threat Entry
Updated 2026-05-20
CVE-2026-45443 - Elementor Plugin
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1.
PLUGIN
Elementor
CVE-2026-45443
Risk Score
Threat Entry
Updated 2026-05-12
CVE-2026-45214 - Elementor Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through
PLUGIN
Elementor
CVE-2026-45214
Risk Score
Threat Entry
Updated 2026-05-07
CVE-2026-27421 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
PLUGIN
Elementor
CVE-2026-27421
Risk Score
Threat Entry
Updated 2026-05-07
CVE-2026-25468 - Elementor Plugin
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
PLUGIN
Elementor
CVE-2026-25468
Risk Score
Threat Entry
Updated 2026-05-07
CVE-2026-25436 - Elementor Plugin
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
PLUGIN
Elementor
CVE-2026-25436
Risk Score
Threat Entry
Updated 2026-05-01
CVE-2026-6127 - Elementor Plugin
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the _elementor_data meta field with show_in_rest but omits a sanitize_callback, relying instead on a rest_pre_insert_post filter (sanitize_post_data function) that only sanitizes JSON-encoded request bodies. When a contributor sends a form-encoded PATCH request to the WordPress REST API, the json_decode() call on the raw body returns null, causing all sanitization…
PLUGIN
Elementor
CVE-2026-6127
Risk Score
Threat Entry
Updated 2026-04-27
CVE-2026-42410 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem Theme Elements (for Elementor): from n/a before 5.12.1.1.
PLUGIN
Elementor
CVE-2026-42410
Risk Score
Threat Entry
Updated 2026-04-22
CVE-2026-40745 - Elementor Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through
PLUGIN
Elementor
CVE-2026-40745
Risk Score
Threat Entry
Updated 2026-04-22
CVE-2026-40763 - Elementor Plugin
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through
PLUGIN
Elementor
CVE-2026-40763
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-39703 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through
PLUGIN
Elementor
CVE-2026-39703
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-39702 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through
PLUGIN
Elementor
CVE-2026-39702
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-39636 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through
PLUGIN
Elementor
CVE-2026-39636
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-39500 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through
PLUGIN
Elementor
CVE-2026-39500
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-32532 - Elementor Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through
PLUGIN
Elementor
CVE-2026-32532
Risk Score
Threat Entry
Updated 2026-04-29
CVE-2026-32527 - Elementor Plugin
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through
PLUGIN
Elementor
CVE-2026-32527
Risk Score
Threat Entry
Updated 2026-04-28
CVE-2026-25430 - Elementor Plugin
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through
PLUGIN
Elementor
CVE-2026-25430
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25398 - Elementor Plugin
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through
PLUGIN
Elementor
CVE-2026-25398
Risk Score