Title	CVE ID	CVSS	Vector	Date
User Registration <= 4.4.6 - Missing Authorization	CVE-2025-67956	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 21, 2026
Pie Register <= 3.8.4.8 - Missing Authorization	CVE-2026-24577	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 20, 2026
Xpro Elementor Addons <= 1.4.19.1 - Authenticated (Author+) Arbitrary File Upload	CVE-2025-69312	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 19, 2026
Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference	CVE-2026-25005	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 16, 2026
Master Addons for Elementor <= 2.0.9.9.4 - Unauthenticated Insecure Direct Object Reference	CVE-2025-63053	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 31, 2025
Make Section & Column Clickable For Elementor <= 2.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2025-63033	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 7, 2025
Thim Elementor Kit <= 1.3.3 - Authenticated (Contributor+) Insecure Direct Object Reference	CVE-2025-67594	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 6, 2025
Happy Addons for Elementor <= 3.20.3 - Missing Authorization	CVE-2025-63077	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 4, 2025
Premium Addons for Elementor <= 4.11.53 - Unauthenticated Information Exposure	CVE-2025-68494	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 4, 2025
Tutor LMS Elementor Addons <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2025-63042	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 30, 2025
Ultimate Member Widgets for Elementor <= 2.3 - Unauthenticated Information Exposure	CVE-2025-66116	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 27, 2025
Essential Widgets <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2025-67543	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 26, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation