Element pack
This hub aggregates every CVE we track for Element pack, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
34
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM32HIGH2
Monthly trend
2
6
0
1
6
2
1
0
0
1
0
0
1
1
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Element pack.
- CVE-2025-8100Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content5.4
- CVE-2025-5944Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute6.4
- CVE-2025-1458Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-12851Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-11852Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization4.3
- CVE-2024-9058Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget6.4
- CVE-2024-10980Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS5.4
- CVE-2024-10493Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS5.4
- CVE-2024-9657Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting6.5
- CVE-2024-9867Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget5.4
- CVE-2024-9868Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate5.4
- CVE-2024-10310Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget6.4
- CVE-2024-47392WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2024-7247Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets6.4
- CVE-2024-4359Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read6.5
Product normalization is registry-driven with AI assist and human review. How it works