The Avada theme, Website Builder for WordPress & WooCommerce, is vulnerable to exposure of sensitive information in versions up to and including 7.11.5 through the form entry page....
The Elementor Website Builder plugin, much more than just a Page Builder for WordPress, is vulnerable to arbitrary file deletions and PHAR deserialization in versions up to and including 3.19.0....
The plugin is vulnerable to unauthorized access and data modification due to a type manipulation issue on the connect-app REST endpoint in all versions up to and including 2.8.7....