| 2024-12-04 | CVE-2024-10787 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-12-04 | CVE-2024-12099 | The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-12-03 | CVE-2024-12062 | Authorization Bypass Through User-Controlled Key vulnerability in Nicheaddons Charity Addon for Elementor
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-28 | CVE-2024-10670 | The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-28 | CVE-2024-10780 | The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-28 | CVE-2024-10798 | Authorization Bypass Through User-Controlled Key vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-23 | CVE-2024-10868 | Authorization Bypass Through User-Controlled Key vulnerability in Themelooks Enter Addons
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-22 | CVE-2024-10666 | The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. | 4.3 |
| 2024-11-21 | CVE-2024-10671 | Authorization Bypass Through User-Controlled Key vulnerability in Bplugins Button Block
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. | 6.5 |
| 2024-11-21 | CVE-2024-10696 | Authorization Bypass Through User-Controlled Key vulnerability in Codeastrology Ultraaddons
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key. | 4.3 |