EUVD-2026-20046

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

CVE-2026-4341

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

WordPress plugin Prime Slider – Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

PT-2026-31081

Name of the Vulnerable Software and Affected Versions Prime Slider – Addons for Elementor plugin for WordPress versions up to and including 4.1.10 Description The Prime Slider – Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient...

WordPress Prime Slider - Addons For Elementor plugin server-side request forgery vulnerability

WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...

EUVD-2025-204265

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the importelementortemplate AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make we...

PT-2025-52216

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import elementor template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make...

CVE-2024-3997

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escapin...

CVE-2024-5881

The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbcimage shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-12043

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sociallinktitle' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient...

PT-2025-1734 · WordPress · The Prime Slider – Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.16.5 Description: The issue concerns a Stored Cross-Site Scripting vulnerability. It is caused by insufficient input sanitization and output escaping,...

CVE-2024-5640

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...

WordPress plugin Prime Slider – Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress Prime Slider plugin <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Prime Slider – Addons For Elementor versions = 3.14.3...

CVE-2024-32682

Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2...

PT-2024-23237 · Unknown · The Prime Slider – Addons For Elementor

Name of the Vulnerable Software and Affected Versions: BdThemes Prime Slider – Addons For Elementor versions 3.13.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means...

CVE-2024-1508

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings'titletags'' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2024-1506

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Slider Addons for The Events Calendar Plugin <= 5.6 is vulnerable to Cross Site Scripting (XSS)

Software Slider Addons for The Events Calendar Type Plugin Vulnerable versions = 5.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d83dcd3934a0 Credits Rafie Muhammad...

WordPress Slider Addons for The Events Calendar plugin < 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Slider Addons for The Events Calendar plugin versions 1.0.1. Solution Update the WordPress Slider Addons for The Events Calendar plugin to the latest available version at least 1.0.1...