| CVE-2026-10833 | Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 6.4 | Medium | 2026-06-25 |
| CVE-2026-12157 | BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute — BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with ChatbotCWE-79 | 6.4 | Medium | 2026-06-19 |
| CVE-2026-7796 | EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute — EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & moreCWE-79 | 6.4 | Medium | 2026-06-06 |
| CVE-2026-7665 | Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-639 | 5.3 | Medium | 2026-06-06 |
| CVE-2026-10586 | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-918 | 7.2 | High | 2026-06-04 |
| CVE-2026-5193 | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-269 | 6.5 | Medium | 2026-05-14 |
| CVE-2026-4658 | Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 6.4 | Medium | 2026-05-02 |
| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-862 | 4.3 | Medium | 2026-04-24 |
| CVE-2026-3875 | BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-79 | 6.4 | Medium | 2026-04-16 |
| CVE-2026-1512 | Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 | 6.4 | Medium | 2026-02-14 |
| CVE-2025-15380 | NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-79 | 7.2 | High | 2026-01-20 |
| CVE-2026-0554 | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-862 | 4.3 | Medium | 2026-01-20 |
| CVE-2026-1004 | Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862 | 5.3 | Medium | 2026-01-16 |
| CVE-2026-0831 | Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write — Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!CWE-863 | 5.3 | Medium | 2026-01-10 |
| CVE-2025-14980 | BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-200 | 6.5 | Medium | 2026-01-09 |
| CVE-2025-13977 | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 | 6.4 | Medium | 2025-12-17 |
| CVE-2025-11369 | Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-862 | 4.3 | Medium | 2025-12-17 |
| CVE-2025-11270 | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 6.4 | Medium | 2025-10-18 |
| CVE-2025-11361 | Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-918 | 6.4 | Medium | 2025-10-18 |
| CVE-2025-7499 | BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-862 | 5.3 | Medium | 2025-08-16 |
| CVE-2025-8451 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 | 6.4 | Medium | 2025-08-15 |
| CVE-2025-6244 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 | 6.4 | Medium | 2025-07-08 |
| CVE-2024-9993 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 | 6.4 | Medium | 2025-06-07 |
| CVE-2024-9994 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 | 6.4 | Medium | 2025-06-07 |
| CVE-2025-4682 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 6.4 | Medium | 2025-05-27 |
| CVE-2025-1664 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 6.4 | Medium | 2025-03-08 |
| CVE-2024-13803 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 6.4 | Medium | 2025-02-26 |
| CVE-2024-12045 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 | 4.4 | Medium | 2025-01-08 |
| CVE-2024-11727 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-79 | 4.4 | Medium | 2024-12-12 |
| CVE-2024-11203 | EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 | 6.4 | Medium | 2024-11-28 |