Element pack – widgets, templates & addons for elementor

This hub aggregates every CVE we track for Element pack – widgets, templates & addons for elementor, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premcms plugin

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM29

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Element pack – widgets, templates & addons for elementor.

CVE-2026-4655Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget6.4Apr 8, 2026
CVE-2026-1793Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read6.5Feb 15, 2026
CVE-2025-13196Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget5.4Nov 18, 2025
CVE-2025-11536Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery5.0Oct 20, 2025
CVE-2025-8100Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content5.4Aug 6, 2025
CVE-2025-5292Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting6.4May 31, 2025
CVE-2025-1458Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Apr 26, 2025
CVE-2025-1457Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting6.4Apr 19, 2025
CVE-2024-12851Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Jan 8, 2025
CVE-2024-11852Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization4.3Dec 22, 2024
CVE-2024-9058Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget6.4Dec 3, 2024
CVE-2024-9657Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting6.5Nov 5, 2024
CVE-2024-9867Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget5.4Nov 5, 2024
CVE-2024-9868Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate5.4Nov 2, 2024
CVE-2024-10310Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget6.4Nov 2, 2024

Product normalization is registry-driven with AI assist and human review. How it works