PT-2026-3959

Name of the Vulnerable Software and Affected Versions Element Pack Elementor Addons versions through 8.3.13 Description A Cross-Site Request Forgery CSRF issue exists in Element Pack Elementor Addons. This allows attackers to perform actions on behalf of authenticated users. Recommendations Updat...

EUVD-2024-33030

Malicious code in bioql PyPI...

CVE-2025-8100

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

WordPress Element Pack Elementor Addons plugin <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 8.1.5...

CVE-2024-1429

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablink’ attribute of the Panel Slider widget in all versions up to, and...

WordPress Element Pack Elementor Addons plugin <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.29...

CVE-2024-11852

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getlayouts function in all versions up to, and including, 5.10.12. This makes it...

CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

CVE-2024-10980 Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed, which could allow...

CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output...

WordPress Element Pack Elementor Addons Plugin <= 5.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.10.2 Fixed in 5.10.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9657 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff0e5049a Credits Webberna...

CVE-2024-7247 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input...

WordPress Element Pack Elementor Addons plugin <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via titletag vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Element Pack Elementor Addons versions = 5.7.6...

CVE-2024-4643

CVE-2024-4643 concerns the WordPress plugin “Element Pack Elementor Addons” (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting (XSS) via the end_redirect_link parameter in versions up to and including 5.7.1, caused by insu...

CVE-2024-5555

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and...

CVE-2024-5555

CVE-2024-5555 affects the Element Pack Elementor Addons (bdthemes-element-pack-lite) up to version 5.6.5, due to Stored XSS in the social-link-title parameter. The issue requires Contributor+ privileges and can cause arbitrary scripts to run when affected pages are viewed. Connected sources confi...

CVE-2024-5555 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and...

CVE-2024-5554

CVE-2024-5554 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting via the onclick_event parameter in all versions up to and including 5.6.11, caused by insufficient...

WordPress Element Pack Elementor Addons plugin <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin Element Pack Elementor Addons versions = 5.6.5...

WordPress Element Pack Elementor Addons Plugin <= 5.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.6.5 Fixed in 5.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5555 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f61d9ad47cc9 Credits João Pedro...